[PATCH] "Allow" header

Igor Sysoev is at rambler-co.ru
Sun May 20 11:45:26 MSD 2007


On Sat, May 19, 2007 at 09:00:28PM +0000, Evan Miller wrote:

> The "Allow" header in HTTP tells a client what methods (GET, POST, DELETE, etc.)
> are permitted at a certain URL. RFC 2616
> (http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.7) says that an
> HTTP 1.1 server "MUST" return an Allow header with all 405 Method Not Allowed
> responses. However, Nginx does not currently comply with this provision. Below
> is a patch to support the Allow header. It puts the burden of defining legal
> methods on handler modules, so I have modified all of the modules that return a
> 405 response to use the Allow header appropriately.
> 
> 
> Without patch:
> 
> DELETE /static/foo.bar HTTP/1.1
> Host: tim
> 
> HTTP/1.1 405 Not Allowed
> Server: nginx/0.5.20
> Date: Sat, 19 May 2007 20:22:06 GMT
> Content-Type: text/html
> Content-Length: 173
> 
> <snip>
> 
> 
> With patch:
> 
> DELETE /static/foo.bar HTTP/1.1
> Host: tim
> 
> HTTP/1.1 405 Not Allowed
> Server: nginx/0.5.20
> Date: Sat, 19 May 2007 20:22:06 GMT
> Content-Type: text/html
> Content-Length: 173
> Allow: GET, HEAD
> 
> <snip>
> 
> 
> The patch works by letting modules set r->headers_out.allow_methods to a bitwise
> OR'd representation of the methods they allow. Modules can also set the Allow
> header explicitly and store the resulting ngx_table_elt_t in
> r->headers_out.allow, in which case the bitwise representation will be ignored.
> This follows the pattern of the other headers.
> 
> Comments appreciated.

Thank you for your patch, however, I do not see any practical use of the
"Allow" header line. Yes, it must be set according to HTTP/1.1, but is
there any client that can use this information ?


-- 
Igor Sysoev
http://sysoev.ru/en/





More information about the nginx mailing list