Hi all, The "Allow" header seems to be broken when using the AllowMethods directive. Without AllowMethods, an OPTIONS request gives: $ curl -X OPTIONS -i localhost/test HTTP/1.1 200 OK Date: Mon, 23 Jul 2018 03:43:40 GMT Server: Apache/2.4.33 (Debian) Allow: OPTIONS,HEAD,GET,POST,TRACE Content-Length: 0 and a PUT request gives: $ curl -X PUT -i localhost/test HTTP/1.1 405 Method Not Allowed Date: Mon, 23 Jul 2018 03:43:48 GMT Server: Apache/2.4.33 (Debian) Allow: OPTIONS,HEAD,GET,POST,TRACE Content-Length: 225 [...] All is well. But if I attempt to disable POST like so: AllowMethods HEAD GET OPTIONS an OPTIONS request still shows POST enabled: $ curl -X OPTIONS -i localhost/test HTTP/1.1 200 OK Date: Mon, 23 Jul 2018 03:45:40 GMT Server: Apache/2.4.33 (Debian) Allow: GET,POST,OPTIONS,HEAD,TRACE Content-Length: 0 And although a POST request itself now produces a 405: $ curl -X POST -i localhost/test HTTP/1.1 405 Method Not Allowed Date: Mon, 23 Jul 2018 03:46:29 GMT Server: Apache/2.4.33 (Debian) Allow: TRACE Content-Length: 226 its Allow header bizarrely lists only "TRACE". (Same is true of PUT.) In both cases with AllowMethods set as above, I would expect "Allow" to list exactly GET, OPTIONS, HEAD, and TRACE. Am I doing something wrong? This looks like a bug to me, given that the responses to the methods themselves are correct. Thanks, Chris --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|