allow_methods not setting list when request if of type OPTIONS

allow_methods not setting list when request if of type OPTIONS

am 31.01.2008 19:20:16 von Christopher Stanton

Hey Everyone,

I am trying to set the allowed bitmask in a custom request handler
when I receive the OPTIONS method (and when I receive a method request
for a method I do not support). This includes possibly not listing
support for GET or POST.

I am using:
Fedora Core 6
Apache 2.2.4-2.1
mod_perl 2.0.2-6.2

In short I am using the allow_methods function to try to set the
returned list of allowed methods both when the request type is OPTIONS
and when it is an unsupported type.
This works when it is an unsupported type but Apache is ignoring it
with it is of type OPTIONS. To see a basic example handler and output
just skip all the additional explanations and head to the end of this
e-mail.

http://perl.apache.org/docs/2.0/api/Apache2/Access.html#C_al low_methods_

$r->allow_methods($reset, $list) only seems to respect the reset
flag if the return code from the handler is either
Apache2::Const::HTTP_METHOD_NOT_ALLOWED or
Apache2::Const::HTTP_NOT_IMPLEMENTED which is not in the
documentation.

The OPTIONS request is supposed to be URI/resource specific (unless
the URI is '*') but Apache seems to be treating it as '*' plus
whatever other additional options I set. OPTIONS is supposed to return
the set of methods available for the specific URI.

So can anyone shed some light on why Apache is ignoring the reset flag
when I am returning Apache2::Const::DECLINED?

And why is $r->allowed() also listed in the docs but does not work
either as advertised in the documentation?
(http://perl.apache.org/docs/2.0/api/Apache2/RequestRec.html #C_allowed_)

And which way is the proper/standard way of:
1) setting the "Allow" header field when responding to an OPTIONS
request on a URI
2) returing from handling an OPTIONS request. is it Apache2::Const::DECLINED?
2) setting the "Allow" header field when responding with either
HTTP_METHOD_NOT_ALLOWED or HTTP_NOT_IMPLEMENTED return codes

I have included a basic example handler and and returned output below.
The Allow hearder field for both OPTION and GET requests should be the
same, but as you can see, they are not.

thanks,
Christopher

------------------------------------------

sub handler {
my $r = shift;
my $status_code = Apache2::Const::SERVER_ERROR;

if ($r->method eq "OPTIONS"){
$r->allow_methods(1, qw(PUT DELETE));
$status_code = Apache2::Const::DECLINED;
} else {
$r->allow_methods(1, qw(PUT DELETE));
$status_code = Apache2::Const::HTTP_METHOD_NOT_ALLOWED;
}
return $status_code
}

------------------------------------------

#curl -D header.txt -X OPTIONS http://localhost:9080/somedir
#cat header.txt
HTTP/1.1 200 OK
Date: Tue, 09 Oct 2007 22:10:58 GMT
Server: Apache/2.2.4 (Fedora)
Allow: GET,HEAD,POST,OPTIONS,DELETE,PUT,TRACE
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8

------------------------------------------

#curl -D header.txt -X GET http://localhost:9080/somedir
#cat header.txt
HTTP/1.1 405 Method Not Allowed
Date: Tue, 09 Oct 2007 22:14:26 GMT
Server: Apache/2.2.4 (Fedora)
Allow: DELETE,PUT,TRACE
Content-Length: 308
Connection: close
Content-Type: text/html; charset=iso-8859-1