Hey Everyone, I am trying to set the allowed bitmask in a custom request handler when I receive the OPTIONS method (and when I receive a method request for a method I do not support). This includes possibly not listing support for GET or POST.
I am using: Fedora Core 6 Apache 2.2.4-2.1 mod_perl 2.0.2-6.2 In short I am using the allow_methods function to try to set the returned list of allowed methods both when the request type is OPTIONS and when it is an unsupported type. This works when it is an unsupported type but Apache is ignoring it with it is of type OPTIONS. To see a basic example handler and output just skip all the additional explanations and head to the end of this e-mail. http://perl.apache.org/docs/2.0/api/Apache2/Access.html#C_allow_methods_ $r->allow_methods($reset, $list) only seems to respect the reset flag if the return code from the handler is either Apache2::Const::HTTP_METHOD_NOT_ALLOWED or Apache2::Const::HTTP_NOT_IMPLEMENTED which is not in the documentation. The OPTIONS request is supposed to be URI/resource specific (unless the URI is '*') but Apache seems to be treating it as '*' plus whatever other additional options I set. OPTIONS is supposed to return the set of methods available for the specific URI. So can anyone shed some light on why Apache is ignoring the reset flag when I am returning Apache2::Const::DECLINED? And why is $r->allowed() also listed in the docs but does not work either as advertised in the documentation? (http://perl.apache.org/docs/2.0/api/Apache2/RequestRec.html#C_allowed_) And which way is the proper/standard way of: 1) setting the "Allow" header field when responding to an OPTIONS request on a URI 2) returing from handling an OPTIONS request. is it Apache2::Const::DECLINED? 2) setting the "Allow" header field when responding with either HTTP_METHOD_NOT_ALLOWED or HTTP_NOT_IMPLEMENTED return codes I have included a basic example handler and and returned output below. The Allow hearder field for both OPTION and GET requests should be the same, but as you can see, they are not. thanks, Christopher ------------------------------------------ sub handler { my $r = shift; my $status_code = Apache2::Const::SERVER_ERROR; if ($r->method eq "OPTIONS"){ $r->allow_methods(1, qw(PUT DELETE)); $status_code = Apache2::Const::DECLINED; } else { $r->allow_methods(1, qw(PUT DELETE)); $status_code = Apache2::Const::HTTP_METHOD_NOT_ALLOWED; } return $status_code } ------------------------------------------ #curl -D header.txt -X OPTIONS http://localhost:9080/somedir #cat header.txt HTTP/1.1 200 OK Date: Tue, 09 Oct 2007 22:10:58 GMT Server: Apache/2.2.4 (Fedora) Allow: GET,HEAD,POST,OPTIONS,DELETE,PUT,TRACE Content-Length: 0 Connection: close Content-Type: text/plain; charset=UTF-8 ------------------------------------------ #curl -D header.txt -X GET http://localhost:9080/somedir #cat header.txt HTTP/1.1 405 Method Not Allowed Date: Tue, 09 Oct 2007 22:14:26 GMT Server: Apache/2.2.4 (Fedora) Allow: DELETE,PUT,TRACE Content-Length: 308 Connection: close Content-Type: text/html; charset=iso-8859-1
