fix non-compliant use of HTTP status code 405

See RFC 7231, §6.5.5.

1 files changed, 19 insertions, 2 deletions

diff --git a/pkg/instance/handler.go b/pkg/instance/handler.go
index f2bc621..95d90a8 100644
--- a/pkg/instance/handler.go
+++ b/pkg/instance/handler.go
@@ -41,9 +41,9 @@ func (a Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	ctx, cancel := context.WithDeadline(r.Context(), now.Add(a.Instance.Deadline))
 	defer cancel()
 
-	if r.Method != a.Method {
+	statusCode = a.verifyMethod(w, r)
+	if statusCode != 0 {
 		glog.Warningf("%s/%s: got HTTP %s, wanted HTTP %s", a.Instance.Prefix, string(a.Endpoint), r.Method, a.Method)
-		http.Error(w, "", http.StatusMethodNotAllowed)
 		return
 	}
 
@@ -54,6 +54,23 @@ func (a Handler) ServeHTTP(w http.ResponseWriter, r *http.Request) {
 	}
 }
 
+// verifyMethod checks that an appropriate HTTP method is used.  Error handling
+// is based on RFC 7231, see Sections 6.5.5 (Status 405) and 6.5.1 (Status 400).
+func (h *Handler) verifyMethod(w http.ResponseWriter, r *http.Request) int {
+	if h.Method == r.Method {
+		return 0
+	}
+
+	code := http.StatusBadRequest
+	if ok := h.Instance.checkHTTPMethod(r.Method); ok {
+		w.Header().Set("Allow", h.Method)
+		code = http.StatusMethodNotAllowed
+	}
+
+	http.Error(w, fmt.Sprintf("error=%s", http.StatusText(code)), code)
+	return code
+}
+
 func addLeaf(ctx context.Context, i *Instance, w http.ResponseWriter, r *http.Request) (int, error) {
 	glog.V(3).Info("handling add-entry request")
 	req, err := i.leafRequestFromHTTP(ctx, r)