#4958 defect new
twisted.web.resource.Resource.allowedMethods doesn't determine what methods are allowed
|Reported by:||washort||Owned by:|
Resource.render only consults allowedMethods after looking for a render_ method. If a render_FOO method exists, it's invoked; allowedMethods is only used to populate the Allow header in the response.
To quote wsanchez from #3684:
OK, so with this API, if you have allowedMethods = ["GET"], then even though you are telling us that you don't want to allow HEAD (for whatever reason), we're going to ignore you and allow it anyway.
This strikes me as strangely inconsistent/exceptional API, so that bothers me. What I would prefer is that if you say allowedMethods = ["GET", "HEAD"], but you don't implement the HEAD method, then we'll use your GET implementation to provide HEAD.
That is, we should do what you ask us to do, and not pretend that we know better.