OSDir


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[users@httpd] AllowMethods and Allow header


Hi all,

The "Allow" header seems to be broken when using the AllowMethods directive.

Without AllowMethods, an OPTIONS request gives:

$ curl -X OPTIONS -i localhost/test
HTTP/1.1 200 OK
Date: Mon, 23 Jul 2018 03:43:40 GMT
Server: Apache/2.4.33 (Debian)
Allow: OPTIONS,HEAD,GET,POST,TRACE
Content-Length: 0

and a PUT request gives:

$ curl -X PUT -i localhost/test
HTTP/1.1 405 Method Not Allowed
Date: Mon, 23 Jul 2018 03:43:48 GMT
Server: Apache/2.4.33 (Debian)
Allow: OPTIONS,HEAD,GET,POST,TRACE
Content-Length: 225
[...]

All is well.  But if I attempt to disable POST like so:

AllowMethods HEAD GET OPTIONS

an OPTIONS request still shows POST enabled:

$ curl -X OPTIONS -i localhost/test
HTTP/1.1 200 OK
Date: Mon, 23 Jul 2018 03:45:40 GMT
Server: Apache/2.4.33 (Debian)
Allow: GET,POST,OPTIONS,HEAD,TRACE
Content-Length: 0

And although a POST request itself now produces a 405:

$ curl -X POST -i localhost/test
HTTP/1.1 405 Method Not Allowed
Date: Mon, 23 Jul 2018 03:46:29 GMT
Server: Apache/2.4.33 (Debian)
Allow: TRACE
Content-Length: 226

its Allow header bizarrely lists only "TRACE".  (Same is true of PUT.)

In both cases with AllowMethods set as above, I would expect "Allow" to list exactly GET, OPTIONS, HEAD, and TRACE.


Am I doing something wrong?  This looks like a bug to me, given that the responses to the methods themselves are correct.

Thanks,
Chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx