The HTTP OPTIONS
method is supposedly used to determine what other methods the server supports on a given resource. Given that, I have two questions:
What does this response look like? I have seen examples with CSV lists in Public
, Allow
, and even Access-Control-Allow-Methods
headers. Are they all needed? What's the difference? RFC 2616 doesn't seem to be very helpful here.
Would it be appropriate to use this to list the actions that a resource supports in a non-REST-API environment? For example, if my ConversionController
supports the action convert
, would a response like this make sense:
Request:
OPTIONS /conversion HTTP/1.1
Response:
HTTP/1.1 200 OK ... Allow: CONVERT ...
The HTTP OPTIONS method requests permitted communication options for a given URL or server. A client can specify a URL with this method, or an asterisk ( * ) to refer to the entire server.
The expected return on a call option equals: (expected price of the asset at the expiration date - the strike price) the quantity of the asset the option allows you to buy, minus the price you paid for the option.
The HTTP OPTIONS method is used to describe the communication options for the target resource. This method allows the client to determine the options and/or requirements associated with a resource, or the capabilities of a server, without implying a resource action or initiating a resource retrieval.
RFC 2616 defines "Allow" (http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.14.7). "Public" is not in use anymore. "Access-Control-Allow-Methods" is defined in the CORS specification (see http://www.w3.org/TR/cors/).
It is a request from the client to know what HTTP methods the server will allow, like GET
, POST
, etc.
Request
The request might look like this when asking about the options for a particular resource:
OPTIONS /index.html HTTP/1.1
or like this when asking about the server in general:
OPTIONS * HTTP/1.1
Response
The response would contain an Allow
header with the allowed methods:
Allow: OPTIONS, GET, HEAD, POST
Allowed
header and even document your API in the body.Access-Control-Request-*
headers.405 Method Not Allowed
or 501 Not Implemented
.PUT
or DELETE
, or POST
with application/json
). Only perform simple requests.If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With