Response to bogus requests in MethodNotAllowed

[kkrull]

BogusRequest appears to be creating requests with randomly generated HTTP methods, and spec always requires the response to be 405 Method Not Allowed. Depending on what method name is randomly generated:

• If it happens to generate as one of the IANA methods that is supported, then the response should be the suitable 2xx response.
• If it happens to generate one of the IANA methods that is not supported, then the response should be 405 Method Not Allowed as per RFC7231 Section 6.5.5
• If it happens to be a method name that is not any of the IANA methods, then shouldn't the response be 501 Not Implemented?

The last paragraph in RFC7231 Section 4 says as follows:

When a request method is received
that is unrecognized or not implemented by an origin server, the
origin server SHOULD respond with the 501 (Not Implemented) status
code.  When a request method is received that is known by an origin
server but not allowed for the target resource, the origin server
SHOULD respond with the 405 (Method Not Allowed) status code.

Should MethodNotAllowed be refactored to use one of the other IANA methods that is not used elsewhere in cob_spec -- maybe TRACE or CONNECT?

[jdesrosiers]

Good catch! I missed that one. I'd love to see a PR addressing this issue.