HTTP Response for PUT vs POST

John Meinel john at arbash-meinel.com
Thu May 29 11:14:49 UTC 2014


We currently have a test that we get 401 Unauthorized when you try to do a
PUT instead of a POST for stuff like trying to push up Tools, etc.

However, the HTTP spec seems to have a 405 Method Not Allowed, which is meant
to handle this case, where PUT isn't allowed but POST would be.

I'm looking into changing our Mux layer to one that handles PUT separately
from POST and will give us 405 codes "for free".

I just wanted to check that it is probably a good idea to conform more to
the spec and be returning 405. I'm guessing 401 here was just because that
was what we had on hand.

The current way actually checks for POST before checking the Authorization,
so an invalid Auth'd PUT would return a 405 rather than 401, but that
doesn't seem like bad information leakage.

Is that ok?

John
=:->
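
The ordering described in the message, as an added Go example that is not part of the original post or of Juju's code: with the method check ahead of authentication, a PUT with invalid credentials gets 405, and with the two checks swapped it gets 401. The `/tools` path, the handler names and the password are constructed for illustration.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// postOnly answers any non-POST request with 405 plus the Allow header.
func postOnly(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			w.Header().Set("Allow", http.MethodPost)
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// requireAuth answers missing or wrong Basic credentials with 401.
func requireAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		_, pass, ok := r.BasicAuth()
		if !ok || subtle.ConstantTimeCompare([]byte(pass), []byte(demoPassword)) != 1 {
			w.Header().Set("WWW-Authenticate", `Basic realm="demo"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

const demoPassword = "constructed-secret" // constructed credential, demo only
var upload = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { w.WriteHeader(http.StatusOK) })
var methodFirst = postOnly(requireAuth(upload)) // ordering described in the message
var authFirst = requireAuth(postOnly(upload))   // alternative: credentials checked first

// status sends one request to the hypothetical /tools path and returns the code.
func status(h http.Handler, method, pass string) int {
	req := httptest.NewRequest(method, "/tools", nil)
	req.SetBasicAuth("demo", pass)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(status(methodFirst, "PUT", "wrong"), status(authFirst, "PUT", "wrong")) } // 405 401
```

With the method check first, an unauthenticated caller learns only which methods the endpoint accepts; the handler behind it is still reached only by an authenticated POST.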