views:

246

answers:

1

I'm receiving HEAD requests in my application, and wondering on the best way to handle them. Options are:

  • convert them to GETs, process GET normally, then:
    • strip the body (though I'm not sure how - response.content = '' doesn't seem to do it.
    • it seems app engine auto-strips the body, giving a warning "Dropping unexpected body in response to HEAD request"

It seems this is clean, and can be written nicely using decorators or middleware.

  • Handle each HEAD request specially:
    • this means I could avoid a DataStore access in some (many?) cases.
    • There is a risk, apparently, that middleware which sets the Content-length header will be prevented from doing so by this approach.

Anything else? Which should I do? Does using App Engine make a difference here? Are there subtle details; if so, is there appropriate middleware to use? To convert to GET, is `request.method = "GET" sufficient (it seems to work)?

+4  A: 

Did you intend for you application to handle HEAD requests, or are these coming from some anonymous source? You certainly aren't obligated to honor a HEAD request. You can just return with a status code of 405 (Method not allowed) and provide the Allow header with GET or whatever you mean to handle.

I don't think that manually setting request.method to GET is meaningful; in all probability, you are just returning a response that is larger than what the requester wanted. They just wanted to see the headers for the response. If you don't want to handle the HEAD, do the 405 and Allow header approach.

Generally, a client sends a HEAD request because they are trying to be smart about not handling a full response if they don't need to. They are checking to see if the Content-Length has changed since the last time that they saw the response, or they want to see the Last-Modified or Expires header.

It is certainly well-behaved for your application to gracefully handle HEAD requests, but you don't have to.

Adam Crossland