Return 405, not 501, when an unsupported HTTP method is used #3286
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Currently, when the
supported_http_methods
DSL config option is not set to:any
, the behaviour upon encountering an unexpected HTTP method is to return an501 Not Implemented
response.Whilst this is technically correct, it can be somewhat problematic; in situations where 5xx error responses are used as a heuristic to determine whether or not an application is healthy, a single person sending a flood of requests with invalid HTTP methods can result in an application being considered 'unhealthy' because Puma returns a 501.
It seems the somewhat more semantically correct response code to use in this scenario is
405 Method Not Allowed
– this is how Rails deals with HTTP methods it can't handle, for example. The HTTP spec requires that anAllow
header is returned alongside it with details of which methods are acceptable.To that end, this modifies the behaviour of Puma to return a 405 when supplied an unsupported HTTP method, rather than a 501, and return an
Allow
header with the valid methods.Your checklist for this pull request
[ci skip]
to the title of the PR.#issue
" to the PR description or my commit messages.