httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Marc Slemko <>
Subject Re: [BUG?] Allow: header if OPTIONS disabled
Date Sat, 04 Oct 1997 22:06:56 GMT
On Sat, 4 Oct 1997, Lars Eilebrecht wrote:

> Hi,
> Imagine the following configuration:
>  <Location /foobar.html>
>  <Limit OPTIONS>
>  deny from all
>  </Limit>
>  </Location>
> This will prevent clients to do an OPTIONS request, but
> on a POST request Apache outputs an 'Allow:' header:

But options isn't disabled.  Access is simply denied to a subset of
clients that, in this case, happens to be the same as the set of all
clients.  OPTIONS is still an allowed header; denying access doesn't
change it, it just denies access to it.

Well, that's my idea anyway.  

Consider the case when authentication is required.  The current
request would be denied access to it, but if it were really a 
request for it then the client would get a 401 and have a chance
to authenticate.  The case you mention is really a special case and I'm
not sure you gain anything by trying to put code in to deal with such
special cases.

View raw message