Node-solid-server: Return correct Allow header on OPTIONS

Created on 14 Nov 2018  ·  3Comments  ·  Source: solid/node-solid-server

bug test-case

All 3 comments

To be determined: does this depend on auth status?

As mentioned in #931, the Allow: header is not authentication dependent. Its semantics are “this is what the server is capable of in general.”

On the other hand, the WAC-Allow: header (returned on HEAD requests) /is/ authentication dependent, and checks the resource acls etc.

Specifically, the RFC states:

The "Allow" header field lists the set of methods advertised as
supported by the target resource. The purpose of this field is
strictly to inform the recipient of valid request methods associated
with the resource.

https://tools.ietf.org/html/rfc7231#section-7.4.1

So no mention of auth there indeed, just the resource itself. Hence, it should always be GET/HEAD/OPTIONS/POST/PUT/PATCH/DELETE for Solid.

Was this page helpful?
0 / 5 - 0 ratings

Related issues

kjetilk picture kjetilk  ·  7Comments

csarven picture csarven  ·  6Comments

SvenDowideit picture SvenDowideit  ·  6Comments

RubenVerborgh picture RubenVerborgh  ·  4Comments

WhyINeedToFillUsername picture WhyINeedToFillUsername  ·  3Comments