httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Nick Kew <>
Subject Re: PATCH <PR-36368> DisallowPost
Date Sat, 27 Aug 2005 15:19:45 GMT
> But it's really the only place it can be done, from RFC2616;
> 10.4.6 405 Method Not Allowed
>    The method specified in the Request-Line is not allowed for the
>    resource identified by the Request-URI. The response MUST include an
>    Allow header containing a list of valid methods for the requested
>    resource.
> httpd can't predict what methods the resource will accept.

If it's rejecting a request based on <Limit(Except)>, it can infer
a list of allowed methods from that.

>>So, in true open source style, I hacked on mod_cgi and made a patch.

mod_cgi is not really the appropriate place for that.  It's a matter
either for the CGI application itself, or for the core code that
implements <Limit>/<LimitExcept>.

Of course it's fine to patch it for your own use, and share your patch.
But it wouldn't be appropriate for the standard apache codebase.

> This patch doesn't seem to honour RFC2616, and doesn't add an "Allow:"
> header to the request. It's also specific to a single method.
> However, at present I don't think mod_cgi(d) will allow an "Allow:"
> header through from a CGI, so this probably should be fixed, for this
> reason.

Erm, last time I looked, a CGI script could generate any HTTP headers
it pleases.  Not to be confused with the fact that a typical CGI script
generates less than a full HTTP response, so Apache usually has to add
something to what CGI generates.

Nick Kew

View raw message