+1. I think that the only information that leaks is information about the
implementation, which can be inferred by reading the source anyway, right?


On Thu, May 29, 2014 at 1:14 PM, John Meinel <j...@arbash-meinel.com> wrote:

> We currently have a test that we get 401 Unauthorized when you try to do a
> PUT instead of a POST for stuff like trying to push up Tools, etc.
>
> However, HTTP Spec seems to have a 405 Method Not Allowed, which is meant
> to handle this case of PUT isn't allowed, but POST would be.
>
> I'm looking into changing our Mux layer, to one that separately handles
> PUT from POST and will give us 405 codes "for free".
>
> I just wanted to check that it is probably a good idea to conform more to
> the spec, and be returning 405, I'm guessing 401 here was just because that
> was what we had on hand.
>
> The current way actually checks for POST before checking the
> Authorization, so an invalid Auth'd PUT would return a 405 rather than 401,
> but that doesn't seem like bad information leakage.
>
> Is that ok?
>
> John
> =:->
>
> --
> Juju-dev mailing list
> Juju-dev@lists.ubuntu.com
> Modify settings or unsubscribe at:
> https://lists.ubuntu.com/mailman/listinfo/juju-dev
>
>
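
The ordering question raised in the thread, as an added example (not Juju's code and not part of the original messages): the same two checks composed in both orders, probed with an unauthenticated PUT. The token, the `/tools` path and the handler names are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed stand-ins (assumptions, not Juju's code): a fixed token and a no-op upload handler.
const token = "Bearer constructed-test-token"

var upload = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})

// requireAuth answers 401 unless the constructed token is presented.
func requireAuth(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("Authorization") != token {
			w.Header().Set("WWW-Authenticate", `Bearer realm="example"`)
			http.Error(w, "unauthorized", http.StatusUnauthorized)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// requirePOST answers 405 and sets the Allow header that HTTP requires on a 405.
func requirePOST(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Method != http.MethodPost {
			w.Header().Set("Allow", http.MethodPost)
			http.Error(w, "method not allowed", http.StatusMethodNotAllowed)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// probe sends one request (empty auth means no credentials) and returns status and Allow.
func probe(h http.Handler, method, auth string) (int, string) {
	req := httptest.NewRequest(method, "/tools", nil)
	req.Header.Set("Authorization", auth)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Allow")
}

func main() {
	fmt.Println(probe(requirePOST(requireAuth(upload)), "PUT", "")) // method checked first
	fmt.Println(probe(requireAuth(requirePOST(upload)), "PUT", "")) // auth checked first
}
```

With the method check outermost, a caller without credentials learns which methods the endpoint accepts; with auth outermost, that is only visible after authenticating.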