AllowMethods and Allow header

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi all,

The "Allow" header seems to be broken when using the AllowMethods directive.

Without AllowMethods, an OPTIONS request gives:

$ curl -X OPTIONS -i localhost/test
HTTP/1.1 200 OK
Date: Mon, 23 Jul 2018 03:43:40 GMT
Server: Apache/2.4.33 (Debian)
Allow: OPTIONS,HEAD,GET,POST,TRACE
Content-Length: 0

and a PUT request gives:

$ curl -X PUT -i localhost/test
HTTP/1.1 405 Method Not Allowed
Date: Mon, 23 Jul 2018 03:43:48 GMT
Server: Apache/2.4.33 (Debian)
Allow: OPTIONS,HEAD,GET,POST,TRACE
Content-Length: 225
[...]

All is well.  But if I attempt to disable POST like so:

AllowMethods HEAD GET OPTIONS

an OPTIONS request still shows POST enabled:

$ curl -X OPTIONS -i localhost/test
HTTP/1.1 200 OK
Date: Mon, 23 Jul 2018 03:45:40 GMT
Server: Apache/2.4.33 (Debian)
Allow: GET,POST,OPTIONS,HEAD,TRACE
Content-Length: 0

And although a POST request itself now produces a 405:

$ curl -X POST -i localhost/test
HTTP/1.1 405 Method Not Allowed
Date: Mon, 23 Jul 2018 03:46:29 GMT
Server: Apache/2.4.33 (Debian)
Allow: TRACE
Content-Length: 226

its Allow header bizarrely lists only "TRACE".  (Same is true of PUT.)

In both cases with AllowMethods set as above, I would expect "Allow" to list exactly GET, OPTIONS, HEAD, and TRACE.


Am I doing something wrong?  This looks like a bug to me, given that the responses to the methods themselves are correct.

Thanks,
Chris

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx




[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux