Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

HEAD requests on /.well-known/webfinger return error 405 instead of 400 #1

Open
ProgVal opened this issue May 14, 2020 · 4 comments
Open

Comments

@ProgVal
Copy link

@ProgVal ProgVal commented May 14, 2020

Describe the bug

HEAD requests to /.well-known/webfinger return "405 Method Not Allowed", instead of returning 400 (like GET)

Steps to reproduce (if necessary)

$ curl https://pencil.writefree.ly/.well-known/webfinger -I -X HEAD | head -n 1
HTTP/1.1 405 Method Not Allowed
$ curl https://pencil.writefree.ly/.well-known/webfinger -I -X GET | head -n 1
HTTP/1.1 400 Bad Request

Expected behavior

error 400 should be returned on HEAD requests

Application configuration

  • Single mode or Multi-user mode? N/A
  • Database? N/A
  • Open registration? N/A
  • Federation enabled? yes

Version or last commit: v0.12.0

@thebaer
Copy link
Member

@thebaer thebaer commented May 14, 2020

Thanks for the report, @ProgVal! Can you point to a source that explains why this endpoint should return a 400 instead of a 405? That'll help us triage this.

Either way, this will need to be fixed in the writeas/go-webfinger repo.

@ProgVal
Copy link
Author

@ProgVal ProgVal commented May 14, 2020

From [RFC 2616]https://tools.ietf.org/html/rfc2616#section-9.4):

9.4 HEAD

The HEAD method is identical to GET except that the server MUST NOT
return a message-body in the response. The metainformation contained
in the HTTP headers in response to a HEAD request SHOULD be identical
to the information sent in response to a GET request. This method can
be used for obtaining metainformation about the entity implied by the
request without transferring the entity-body itself. This method is
often used for testing hypertext links for validity, accessibility,
and recent modification.

My motivation for using HEAD on this endpoint is I want to check cheaply whether a domain name supports WebFinger.

@thebaer
Copy link
Member

@thebaer thebaer commented May 14, 2020

Got it, thank you! We'll get this fixed then -- transferring it to the correct repo.

@thebaer thebaer transferred this issue from writeas/writefreely May 14, 2020
@ProgVal
Copy link
Author

@ProgVal ProgVal commented May 14, 2020

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.