405 should return Allow header

[jkarni]

From RFC 2616:

10.4.6 405 Method Not Allowed
The method specified in the Request-Line is not allowed for the resource identified by the Request-URI. The response MUST include an Allow header containing a list of valid methods for the requested resource.

We currently don't send the Allow header, and should (must!). This means introspecting what other endpoints exist that match a certain path.

It seems like the work that went into #451 is also related, so pinging @kosmikus .

Related to #278. Fixing one will likely allow us to fix the other. It would also get us further along proper HATEOAS.

[kosmikus]

Hmm, interesting. We may have to improve the static representation of the routing table to include the methods that are allowed at each endpoint explicitly.

[arianvp]

I think I have brought this up before on IRC (somewhere in October when we were working on Delayed) . Why don't we compile down our interpretations to https://github.com/helium/airship/blob/master/src/Airship/Resource.hs#L34-L106 ? this way we know we can only build RFC Compliant HTTP handlers. It would catch a lot of these bugs at once.

I think we dismissed it before as too restrictive and 'overkill' and it would probably involve changing a lot of code. But now that these things keep popping up, perhaps it's worth reconsidering?

Is this also what you're trying to get at, @kosmikus ?

[jkarni]

Why don't we compile down our interpretations to https://github.com/helium/airship/blob/master/src/Airship/Resource.hs#L34-L106 ?

As in, literally to that?

I'd like to continue discussing that idea here, but my opinion is that these are probably two separate issues, no?