John Panzer schrieb: > ... > Our Atom service currently provides the standard Allow: header to tell a > client what methods are allowed for a given URI + authorization > context. The set of allowed methods changes depending on authorization > or lack thereof. > ...
Hm. I'm not sure this is a good idea. HTTP distinguishes between 405 Not Allowed and 401 Auth required or403 Forbidden. I think the Allow header should list those methods which will not cause a 405 to be returned, so authorization is a complete orthogonal issue. Best regards, Julian _______________________________________________ specs mailing list [email protected] http://openid.net/mailman/listinfo/specs
