Hey Robert,

2010/1/4 Robert Segall <[email protected]>:
>> We are running a web application which is heavily using REST like stuff,
>> and so we are using user defined HTTP commands. I realized that there is the
>> xHTTP option inside the server section, but it allows only 4 values.
> The reasons are HTTP standard compliance and security. No really easy
> way to disable it - Pound wouldn't know how to deal with the headers.

The standard explicitly defines an "extension-method" for the method [1], which can be a TOKEN, which can be a user defined string [2]. So standard compliance should be to allow user defined methods, otherwise I would not even have requested this change.

I can understand your argument about security in a limited way. Still, HTTP methods, which match the standard, do not do any harm other than performing actions on resources. If there are methods allowed on the server which shouldn't be, the problem is configured on the server and pound should not try to solve this issue.

Your website says »The Pound program is a reverse proxy, load balancer and HTTPS front-end for Web server(s).«, so I assumed you just send requests (as they are) to the correct server.

Don't get me wrong, I really like pound. It does a fantastic job and still I'm trying to give you my point of view here. I'm not even requesting to change the default behavior – I really think it's good as it is. Still I would like to have the freedom to send (valid) HTTP methods of any kind to the server.

So my only request here is to add an additional option (or use xHTTP with a special value) to pass through any (valid) HTTP method.

Thanks for listening.

Tobias

[1] http://www.w3.org/Protocols/rfc2616/rfc2616-sec5.html#sec5.1.1
[2] http://www.w3.org/Protocols/rfc2616/rfc2616-sec2.html#sec2.2
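
Added example, not part of the original message and not Pound's own code: a check of what a "(valid) HTTP method" means under the RFC 2616 token grammar cited in [1] and [2], as a front-end could apply it before passing an extension method through. The names extract_method, is_token_char and MAX_METHOD_LEN are hypothetical, the length cap is an assumption, and the request lines are constructed.

```c
#include <stdio.h>
#include <string.h>

#define MAX_METHOD_LEN 32   /* assumed cap; RFC 2616 sets no limit */

/* RFC 2616 sec. 2.2: token = 1*<any CHAR except CTLs or separators> */
static int is_token_char(unsigned char c)
{
    if (c <= 31 || c >= 127)            /* CTLs, DEL, non-ASCII octets */
        return 0;
    return strchr("()<>@,;:\\\"/[]?={} \t", c) == NULL;   /* separators */
}

/* Copy the Method of a Request-Line (sec. 5.1: Method SP Request-URI SP
 * HTTP-Version) into out. Returns its length, or -1 when it is empty, too
 * long, not followed by SP, or contains a non-token octet. */
int extract_method(const char *line, char *out, size_t outsz)
{
    size_t n = 0;

    while (line[n] != '\0' && line[n] != ' ') {
        if (!is_token_char((unsigned char)line[n]))
            return -1;
        if (n >= MAX_METHOD_LEN || n + 1 >= outsz)
            return -1;
        out[n] = line[n];
        n++;
    }
    if (n == 0 || line[n] != ' ')
        return -1;
    out[n] = '\0';
    return (int)n;
}

int main(void)
{
    /* Constructed request lines: two extension methods, then malformed ones */
    const char *samples[] = {
        "PURGE /cache/item HTTP/1.1", "MKCALENDAR /cal HTTP/1.1",
        "GE\rT / HTTP/1.1", "G(ET / HTTP/1.1", " / HTTP/1.1", "GET",
    };
    char method[MAX_METHOD_LEN + 1];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int len = extract_method(samples[i], method, sizeof method);
        printf("sample %zu: %s\n", i, len < 0 ? "rejected" : method);
    }
    return 0;
}
```

Control characters and separators are rejected before the method reaches a back-end, which is the part of the security concern that a grammar check can cover; whether a given method is allowed on a resource remains a back-end decision.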
