Response to bogus requests in MethodNotAllowed #70

Open
kkrull opened this issue May 7, 2018 · 1 comment

kkrull commented May 7, 2018

BogusRequest appears to be creating requests with randomly generated HTTP methods, and the spec always requires the response to be 405 Method Not Allowed. Depending on what method name is randomly generated:

  • If it happens to generate one of the IANA methods that is supported, then the response should be the suitable 2xx response.
  • If it happens to generate one of the IANA methods that is not supported, then the response should be 405 Method Not Allowed as per RFC7231 Section 6.5.5.
  • If it happens to be a method name that is not any of the IANA methods, then shouldn't the response be 501 Not Implemented?

The last paragraph in RFC7231 Section 4 says as follows:

> When a request method is received
> that is unrecognized or not implemented by an origin server, the
> origin server SHOULD respond with the 501 (Not Implemented) status
> code.  When a request method is received that is known by an origin
> server but not allowed for the target resource, the origin server
> SHOULD respond with the 405 (Method Not Allowed) status code.

Should MethodNotAllowed be refactored to use one of the other IANA methods that is not used elsewhere in cob_spec -- maybe TRACE or CONNECT?
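
The three cases in the comment above, sketched as an added example that is not part of the original issue or of cob_spec. `KNOWN_METHODS`, `ROUTES`, `status_for` and `bogus_method` are hypothetical names, the routing table is constructed, and 200 stands in for "the suitable 2xx response".

```python
# Added illustration; every name here is hypothetical, not cob_spec code.
import random
import string

# Methods this example server recognizes at all (assumed set).
KNOWN_METHODS = {"GET", "HEAD", "POST", "PUT", "DELETE",
                 "OPTIONS", "CONNECT", "TRACE", "PATCH"}

# Constructed routing table: resource -> methods allowed on it.
ROUTES = {
    "/file1": {"GET", "HEAD", "OPTIONS"},
    "/form": {"GET", "POST", "PUT", "OPTIONS"},
}


def status_for(method, path):
    """Return (status, headers) for a request line, per RFC 7231 Section 4."""
    # Method tokens are case-sensitive, so "get" is unrecognized like "XYZZY".
    if method not in KNOWN_METHODS:
        return 501, {}          # unrecognized or not implemented
    allowed = ROUTES.get(path)
    if allowed is None:
        return 404, {}
    if method not in allowed:
        # Known method, but not allowed for this resource.
        # RFC 7231 Section 6.5.5: a 405 response must carry an Allow header.
        return 405, {"Allow": ", ".join(sorted(allowed))}
    return 200, {}              # stand-in for the suitable 2xx response


def bogus_method(rng, length=8):
    """Random uppercase token that never collides with a known method.

    Without the membership check, a short random name can come out as
    GET or PUT, which makes a test that always expects one status flaky.
    """
    while True:
        candidate = "".join(rng.choice(string.ascii_uppercase)
                            for _ in range(length))
        if candidate not in KNOWN_METHODS:
            return candidate


if __name__ == "__main__":
    rng = random.Random(0)
    for method in ("GET", "TRACE", "get", bogus_method(rng)):
        print(method, "/file1", status_for(method, "/file1"))
```

A test that wants a guaranteed 405 can send a fixed known-but-disallowed method (TRACE on `/file1` here), and one that wants a guaranteed 501 can use `bogus_method`.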

@kkrull kkrull changed the title Response to bogus requests in MethodNotAllowed Response to bogus requests in MethodNotAllowed May 7, 2018
@jdesrosiers
Contributor

Good catch! I missed that one. I'd love to see a PR addressing this issue.
