>Number: 378
>Category: protocol
>Synopsis: Wrong behavior on an OPTIONS request
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: apache (Apache HTTP Project)
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Sun Apr 13 13:10:02 1997
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.2b7
>Environment:
all (tested under Linux2)
>Description:
I'm wondering if the OPTIONS method of Apache is really
conforming to RFC2068...
Example:
PUT is configured via 'Script PUT /cgi-bin/put.cgi' and
the servers allows PUT to its documents (<Limit PUT>).
When I try the request "OPTIONS /cgi-bin/put.cgi" the reponse
contains "PUT" in the Allow-Header, but I cannot PUT to
*this* resource.
When I try a request like "OPTIONS /put_allowed_dir/index.html"
the response does not contain "PUT" as allowed, although I
can PUT something to this location.
When I try OPTIONS on a resource that is protected via some
means of authentication the response contains an authentication
challenge, although RFC2068 says that there should be no initiation
>How-To-Repeat:
>Fix:
>Audit-Trail:
>Unformatted:
