You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
HEAD requests to /.well-known/webfinger return "405 Method Not Allowed", instead of returning 400 (like GET)
Steps to reproduce (if necessary)
$ curl https://pencil.writefree.ly/.well-known/webfinger -I -X HEAD | head -n 1
HTTP/1.1 405 Method Not Allowed
$ curl https://pencil.writefree.ly/.well-known/webfinger -I -X GET | head -n 1
HTTP/1.1 400 Bad Request
Expected behavior
error 400 should be returned on HEAD requests
Application configuration
Single mode or Multi-user mode? N/A
Database? N/A
Open registration? N/A
Federation enabled? yes
Version or last commit: v0.12.0
The text was updated successfully, but these errors were encountered:
Thanks for the report, @progval! Can you point to a source that explains why this endpoint should return a 400 instead of a 405? That'll help us triage this.
The HEAD method is identical to GET except that the server MUST NOT
return a message-body in the response. The metainformation contained
in the HTTP headers in response to a HEAD request SHOULD be identical
to the information sent in response to a GET request. This method can
be used for obtaining metainformation about the entity implied by the
request without transferring the entity-body itself. This method is
often used for testing hypertext links for validity, accessibility,
and recent modification.
My motivation for using HEAD on this endpoint is I want to check cheaply whether a domain name supports WebFinger.
Describe the bug
HEAD requests to
/.well-known/webfinger
return "405 Method Not Allowed", instead of returning 400 (like GET)Steps to reproduce (if necessary)
Expected behavior
error 400 should be returned on HEAD requests
Application configuration
Version or last commit: v0.12.0
The text was updated successfully, but these errors were encountered: