[prev in list] [next in list] [prev in thread] [next in thread] 

List:       apache-httpd-dev
Subject:    Re: PATCH <PR-36368> DisallowPost
From:       Nick Kew <nick () webthing ! com>
Date:       2005-08-27 15:19:45
Message-ID: 43108491.2080607 () webthing ! com
[Download RAW message or body]

> But it's really the only place it can be done, from RFC2616;
> 
> 10.4.6 405 Method Not Allowed
> 
>    The method specified in the Request-Line is not allowed for the
>    resource identified by the Request-URI. The response MUST include an
>    Allow header containing a list of valid methods for the requested
>    resource.
> 
> httpd can't predict what methods the resource will accept.

If it's rejecting a request based on <Limit(Except)>, it can infer
a list of allowed methods from that.

>>So, in true open source style, I hacked on mod_cgi and made a patch.

mod_cgi is not really the appropriate place for that.  It's a matter
either for the CGI application itself, or for the core code that
implements <Limit>/<LimitExcept>.

Of course it's fine to patch it for your own use, and share your patch.
But it wouldn't be appropriate for the standard apache codebase.

> This patch doesn't seem to honour RFC2616, and doesn't add an "Allow:"
> header to the request. It's also specific to a single method.
 >
> However, at present I don't think mod_cgi(d) will allow an "Allow:"
> header through from a CGI, so this probably should be fixed, for this
> reason.

Erm, last time I looked, a CGI script could generate any HTTP headers
it pleases.  Not to be confused with the fact that a typical CGI script
generates less than a full HTTP response, so Apache usually has to add
something to what CGI generates.

-- 
Nick Kew
[prev in list] [next in list] [prev in thread] [next in thread]