[Nitro] HTTP verbs and headers

Jonathan Buch john at oxyliquit.de
Fri Apr 6 04:26:08 EDT 2007


> I'm quite sure no current Nitro code is affected in any way by the
> current behaviour (returning 200 OK on all requests), it's just a
> question about how Nitro wants to intepret the HTTP spec(1). My original
> test case came about after reading some articles about REST (and
> WebDAV). I was curious about how Nitro handled stuff like PUT and DELETE.
> Even if Nitro in its current form is heavily geared towards 'normal'
> browsing, there really is a lot of other stuff based on HTTP going on.
> Whether Nitro should support 'other stuff' than normal browsing is of
> course open to discussion.

Oh yes, like George said in his reply, the new REST like functions included
in the latest repo version are geared towards the non-browser stuff.  My
mind is just always centered around the repo version, so I thought that
Nitro already interpreted PUT/DELETE.  (And I'm almost sure it did so since
at least 0.29).

>> Yes, Nitro is responsible for that, as it would have to treat 'PUT'
>> differently from 'POST', but not disallow 'POST' (like w3.org) on the
>> spot.  Nitro would have to check for every action if the action
>> 'accepts' post/put/get/head, which isn't really all too great (some meta-
>> data would have to be used).
> What do you mean by meta data? The HTTP verb is readily available from
> the web server (HttpRequest.request_method when using Webrick, I'm
> pretty sure Mongrel has something similar).

This was in relation to how 405 was returned by w3.org.

(slightly modified version of your script)

jo:~/test john$ ./reterr.rb www.w3.org/
GET www.w3.org/...200 OK
HEAD www.w3.org/...200 OK
POST www.w3.org/...405 Method Not Allowed
PUT www.w3.org/...302 Found
DELETE www.w3.org/...405 Method Not Allowed

jo:~/test john$ ./reterr.rb www.w3.org/Search/Mail/Public/search
GET www.w3.org/Search/Mail/Public/search...200 OK
HEAD www.w3.org/Search/Mail/Public/search...200 OK
POST www.w3.org/Search/Mail/Public/search...200 OK
PUT www.w3.org/Search/Mail/Public/search...302 Found
DELETE www.w3.org/Search/Mail/Public/search...200 OK

Which means, the POST verb is not forbidden on all requests, but is
somehow specified within the 'action'.  (meta data) (well, of course
this could be and probably is a complete different backend to the index
page, but still)

>> So, that it just returns 200 for all is ok in my eyes.  (Unless there's
>> an error in my reasoning here....)
> It's OK depending on how you interpret the spec :) 200 OK means that the
> request was accepted and processed acording to the spec. Since this
> isn't the case, Nitro is lying to the client connecting to the server.
> My suggestion is to reject all HTTP verbs other than GET and POST
> (405 Method Not Allowed) until (if ever) Nitro has the capabilty to
> respond to other verbs.

class MyController
   def index
     if request.post?

     elsif request.get?

     elsif request.delete?


I think that this nitro controller would also work in earlier versions.
(Untested though) And that it would also 'handle' PUT requests.  Just not
quite adhering to the RFC out of the box.
In my mind, if someone makes a DELETE request here, the delete? branch
would (now) have to create the correct return code and just 'behave' like
DELETE should.
But basically Nitro also handles all unknown verbs in the action as well,
the user (controller writer) just didn't handle it explicitly.

This is what I mean with 'meta data'.

class MyController
   def index
   ann :index, :handle => [:get, :post]

or globally

Dispatcher.handle_http_verbs = [:get, :post, :head]

Otherwise Nitro has no idea how to handle 'unknown' verbs and defers that
decision to the user of the framework.

So, you're right about the Nitro not adhering to the official specs, but
atm only because the user didn't implement his actions 'correctly'.

Note that this email is all purely theoretical and might be awfully off
track.  :)


Feel the love

More information about the Nitro-general mailing list