HEAD requests on /.well-known/webfinger return error 405 instead of 400

[ProgVal]

Describe the bug

HEAD requests to /.well-known/webfinger return "405 Method Not Allowed", instead of returning 400 (like GET)

Steps to reproduce (if necessary)

$ curl https://pencil.writefree.ly/.well-known/webfinger -I -X HEAD | head -n 1
HTTP/1.1 405 Method Not Allowed
$ curl https://pencil.writefree.ly/.well-known/webfinger -I -X GET | head -n 1
HTTP/1.1 400 Bad Request

Expected behavior

error 400 should be returned on HEAD requests

Application configuration

• Single mode or Multi-user mode? N/A
• Database? N/A
• Open registration? N/A
• Federation enabled? yes

Version or last commit: v0.12.0

[thebaer]

Thanks for the report, @ProgVal! Can you point to a source that explains why this endpoint should return a 400 instead of a 405? That'll help us triage this.

Either way, this will need to be fixed in the writeas/go-webfinger repo.

[ProgVal]

From [RFC 2616]https://tools.ietf.org/html/rfc2616#section-9.4):

9.4 HEAD

The HEAD method is identical to GET except that the server MUST NOT
return a message-body in the response. The metainformation contained
in the HTTP headers in response to a HEAD request SHOULD be identical
to the information sent in response to a GET request. This method can
be used for obtaining metainformation about the entity implied by the
request without transferring the entity-body itself. This method is
often used for testing hypertext links for validity, accessibility,
and recent modification.

My motivation for using HEAD on this endpoint is I want to check cheaply whether a domain name supports WebFinger.

[thebaer]

Got it, thank you! We'll get this fixed then -- transferring it to the correct repo.

[ProgVal]

Thanks!