[prev in list] [next in list] [prev in thread] [next in thread]
List: apache-httpd-dev
Subject: Re: PATCH <PR-36368> DisallowPost
From: Nick Kew <nick () webthing ! com>
Date: 2005-08-27 15:19:45
Message-ID: 43108491.2080607 () webthing ! com
[Download RAW message or body]
> But it's really the only place it can be done, from RFC2616;
>
> 10.4.6 405 Method Not Allowed
>
> The method specified in the Request-Line is not allowed for the
> resource identified by the Request-URI. The response MUST include an
> Allow header containing a list of valid methods for the requested
> resource.
>
> httpd can't predict what methods the resource will accept.
If it's rejecting a request based on <Limit(Except)>, it can infer
a list of allowed methods from that.
>>So, in true open source style, I hacked on mod_cgi and made a patch.
mod_cgi is not really the appropriate place for that. It's a matter
either for the CGI application itself, or for the core code that
implements <Limit>/<LimitExcept>.
Of course it's fine to patch it for your own use, and share your patch.
But it wouldn't be appropriate for the standard apache codebase.
> This patch doesn't seem to honour RFC2616, and doesn't add an "Allow:"
> header to the request. It's also specific to a single method.
>
> However, at present I don't think mod_cgi(d) will allow an "Allow:"
> header through from a CGI, so this probably should be fixed, for this
> reason.
Erm, last time I looked, a CGI script could generate any HTTP headers
it pleases. Not to be confused with the fact that a typical CGI script
generates less than a full HTTP response, so Apache usually has to add
something to what CGI generates.
--
Nick Kew
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic