Hi all,
The "Allow" header seems to be broken when using the AllowMethods directive.
Without AllowMethods, an OPTIONS request gives:
$ curl -X OPTIONS -i localhost/test
HTTP/1.1 200 OK
Date: Mon, 23 Jul 2018 03:43:40 GMT
Server: Apache/2.4.33 (Debian)
Allow: OPTIONS,HEAD,GET,POST,TRACE
Content-Length: 0
and a PUT request gives:
$ curl -X PUT -i localhost/test
HTTP/1.1 405 Method Not Allowed
Date: Mon, 23 Jul 2018 03:43:48 GMT
Server: Apache/2.4.33 (Debian)
Allow: OPTIONS,HEAD,GET,POST,TRACE
Content-Length: 225
[...]
All is well. But if I attempt to disable POST like so:
AllowMethods HEAD GET OPTIONS
an OPTIONS request still shows POST enabled:
$ curl -X OPTIONS -i localhost/test
HTTP/1.1 200 OK
Date: Mon, 23 Jul 2018 03:45:40 GMT
Server: Apache/2.4.33 (Debian)
Allow: GET,POST,OPTIONS,HEAD,TRACE
Content-Length: 0
And although a POST request itself now produces a 405:
$ curl -X POST -i localhost/test
HTTP/1.1 405 Method Not Allowed
Date: Mon, 23 Jul 2018 03:46:29 GMT
Server: Apache/2.4.33 (Debian)
Allow: TRACE
Content-Length: 226
its Allow header bizarrely lists only "TRACE". (Same is true of PUT.)
In both cases with AllowMethods set as above, I would expect "Allow" to list exactly GET,
OPTIONS, HEAD, and TRACE.
Am I doing something wrong? This looks like a bug to me, given that the responses to the
methods themselves are correct.
Thanks,
Chris
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
|