Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:94627 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 80430 invoked from network); 22 Jul 2016 10:57:32 -0000 Received: from unknown (HELO lists.php.net) (127.0.0.1) by localhost with SMTP; 22 Jul 2016 10:57:32 -0000 Authentication-Results: pb1.pair.com smtp.mail=cmbecker69@gmx.de; spf=pass; sender-id=pass Authentication-Results: pb1.pair.com header.from=cmbecker69@gmx.de; sender-id=pass Received-SPF: pass (pb1.pair.com: domain gmx.de designates 212.227.15.15 as permitted sender) X-PHP-List-Original-Sender: cmbecker69@gmx.de X-Host-Fingerprint: 212.227.15.15 mout.gmx.net Received: from [212.227.15.15] ([212.227.15.15:55527] helo=mout.gmx.net) by pb1.pair.com (ecelerity 2.1.1.9-wez r(12769M)) with ESMTP id FF/E1-52781-B1CF1975 for ; Fri, 22 Jul 2016 06:57:31 -0400 Received: from [192.168.2.103] ([217.82.227.154]) by mail.gmx.com (mrgmx002) with ESMTPSA (Nemesis) id 0LqzEB-1an4n12GDz-00ee3s; Fri, 22 Jul 2016 12:57:24 +0200 To: Nikita Popov , Nazar Mokrynskyi References: <9d7bf704-44f9-1888-0761-8a91adfa8391@mokrynskyi.com> Cc: PHP internals , Christoph Michael Becker Message-ID: <437a97a6-dd17-5631-d7e8-577e8a7fc393@gmx.de> Date: Fri, 22 Jul 2016 12:57:28 +0200 User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.2.0 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Provags-ID: V03:K0:MNTeDTH//iH2LCKcAL7syalNJB5wff/ogpye6w6DE/oKztt5DOs o7E61RBA8OU1p/GmyTL0CdHrEBBm9OdC4hw3P4cusuPD7h146TyEf3yApaO/QFSuO4c7CaW M30Ms0djjmkAT9j495Xb8N1lWt0cu0prhow+ZSVtbjNcioGrhGIRV7QsoObVTxwfJFPk9C/ BDNRTuJBeG85cDeyTP+Rg== X-UI-Out-Filterresults: notjunk:1;V01:K0:QzSwQcUsJK4=:9+hWEjgf0PRCvKuYxiFsu8 76Dt+2puF+O/QmGR60D1Xg7RrwMoV6j7pvCOxXCwmjwM3XLKzZfuMPK5lGLdqOKQxr37U7Fkn vmrgePkn80TnikFsBgtO4ixnijzu5fatwpQd2kHOoRxubuG54tTjSzgebvJLIyNBQ5BN/pIBp MnFoXdqo8M+8Cb8U4X9sTm4m7TeqS8qCcU9xdvw9NUCJss1pgIHIOn7zD1ZoJOXz8iVsbST19 4VnGnqWugOzxvEup6+x2zGra9RM4uEhgAFjTiy5FjgIpUIOKkjxkH1CCXGMBgAzKIC9BFpFGD +MElZ8OrWPyJK9mzCEA3iPxKJ46Rw6D/YDXMcxczf52S6YhFFQPNxzyOdZSc6imej6ErC7rvT psSiaL7Gk/yvE1xtXBldBT/7ixQkdDwNRvBASTKHHKNbGOzFVyUvwbMA2M6hCfHOOTD2FmVpw eUH6zr7mlhKb7S+abr29fqnFQzPl1IKaO2mDyI5MSCzREu1Bb3cS4DXJ5oyOVCXcjVPhw7ZOd SRfKiz1P48WtD/tJT9sBKKIru1RFq4gUjf7xGmO5Vtz8zv0/O6+hoiV0j/F93aFU8qaMb21ZV h6VaQUeLHCDQfeMsx7oXWdIfvfCSgYmjOFaSyarUK56Xd3SZdS6ptaM+/48LoyFSzzoX4zQNA 3EUNXLqI2oY1ArCkGj46snoRECwcb6icjNbjA8mJcZAFnVEx7JPbzMzpv1tX/YEkUSOlv2f8m Z2QD0+VkcO6wCgkuembat9sxjWH+nhBdb2NpnsSC+k59w9UBkDxZ6qwarFZOCewUjdCgfV8oD PkJ1QtR Subject: Re: [PHP-DEV] Add support for arbitrary HTTP methods From: cmbecker69@gmx.de (Christoph Becker) On 22.07.2016 at 12:28, Nikita Popov wrote: > On Fri, Jul 22, 2016 at 2:28 AM, Nazar Mokrynskyi > wrote: > >> I want to bring here question about supporting custom http methods in >> built-in webserver with router script. >> >> The problem is that GET, POST are standard methods and they work fine, >> but for custom methods like XYZ_METHOD_ALSO_ALLOWED webserver responds >> with 501 Not Implemented. >> >> 501 ideally should never happen when router script is used, since it is >> up to router to decide whether it can handle the request or not. >> >> Initial bug report for additional info and references: >> https://bugs.php.net/bug.php?id=72619 >> Sample repository to reproduce an issue: >> https://github.com/nazar-pc/php-bug-72619 >> >> Christoph Michael Becker said on bug tracker that this kind of change >> will probably require an RFC, however for me this appears to be pretty >> minor change that can barely be a breaking change to someone and it >> should even be backported to 7.0/5.6 when/if implemented in 7.1. >> >> I do not code in C/C++, but I can prepare some PHPT tests for this >> feature if someone is willing to help here. > > Agree, I don't see why this would need an RFC. > > I don't see a point in the HTTP request method detection -- in the end, > applications will only be able to handle a small fraction of the request > methods we consider "allowed". so it's not like these checks are in any way > meaningful -- the application layer still has to deal with this itself if > it's actually interested in generating accurate 405 responses. It's a PITA > to keep this list updated (we're pretty bad at this -- we're very out of > sync with the upstream implementation) and prevents use of custom methods. After re-reading the RFC which introduced the built-in web server[1] (which doesn't even mention HTTP methods), and finding that non-supported methods can't even be properly handled in the router script, I agree that we should change the web server to accept arbitrary methods; if required, a router script can still reject methods that are unsupported by the app. If this would need an RFC? Still not sure, but maybe starting with a PR and awaiting feedback is sensible. [1] -- Christoph M. Becker