On Fri, Mar 11, 2011 at 6:16 AM, Graham Dumpleton < graham.dumple...@gmail.com> wrote:
> > > On Thursday, March 10, 2011 1:44:17 PM UTC-5, Steve Lacy wrote: >> >> What's the recommended way to get proper HEAD request support using >> pyramid + mod_wsgi? >> >> Right now, with my "vanilla" mod_wsgi configs, and request_method='GET' on >> my view_config decorators, my HEAD requests are 404'ing. I tried setting >> request_method=['GET', 'HEAD'] but it seems as this syntax isn't supported. >> I couldn't find anything about HEAD requests in the docs. >> > > Performing special actions for HEAD, for example avoiding generating data, > is dangerous as you can screw up the results where there are outer > middleware that want to consume the response and from that modify the > response headers. Read: > > > http://blog.dscpl.com.au/2009/10/wsgi-issues-with-http-head-requests.html > > Apache/mod_wsgi will in certain circumstances actually change a HEAD > request to a GET request to workaround the problem where WSGI applications > don't generate response content for HEAD and therefore screw up the > operation of Apache output filters that always expect to see the content. > > Why are you wanting to specialise HEAD requests? > I wasn't actually wanting to specialize HEAD requests, I was mostly being pedantic with my "request_method='GET'" specification, and removing all of those made HEAD work. It would seem to be that a bit more documentation is in order here, and I might even suggest that the default behavior for request_method='GET' would be to implicitly handle GET and HEAD unless a specific handler for HEAD is configured. In general, I like to be pedantic about request_method, because I really don't want to have to think about any possible security holes if someone is POSTing to my GET handler. I see malicious POST requests all the time, and limiting it makes be feel a lot better. (buffer overruns, etc.). I'd rather an unexpected POST just be outright rejected, so I thought setting request_method='GET' would help out with that, but it broke HEAD, which is a more severe issue. Steve > > Graham > > -- > You received this message because you are subscribed to the Google Groups > "pylons-devel" group. > To post to this group, send email to pylons-devel@googlegroups.com. > To unsubscribe from this group, send email to > pylons-devel+unsubscr...@googlegroups.com. > For more options, visit this group at > http://groups.google.com/group/pylons-devel?hl=en. > -- You received this message because you are subscribed to the Google Groups "pylons-devel" group. To post to this group, send email to pylons-devel@googlegroups.com. To unsubscribe from this group, send email to pylons-devel+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/pylons-devel?hl=en.
