musicog
commented
3 years ago N.b. "Allow" is a header. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Allow and https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS
Closed alastair closed 3 years ago
musicog
commented
3 years ago N.b. "Allow" is a header. See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Allow and https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS
ChristiaanScheermeijer
commented
3 years ago @alastair @musicog the Allow header should only be set when a wrong request method is being used. We do support POST requests for GraphQL requests. Should this restriction only be made for the /:identifier route?
alastair
commented
3 years ago From what I understand I think that we should do:
OPTIONS /:identifier -> return Allow: OPTIONS, GET GET /:identifier -> return data (optionally add Allow: OPTIONS, GET) POST /:identifier -> return method not allowed (optional add Allow: OPTIONS, GET)
I'm not sure if Allow: should also be included in the GET and POST methods, however the header should only appear in the /:identifier route
linked data clients use OPTIONS to see what kind of operations that they can do on a server. Because the json-ld export in the CE is read-only, we should implement OPTIONS that returns:
so that clients know that they cannot write to the CE.