Monday, May 12, 2014

2014-05-08: Support for Various HTTP Methods on the Web

While clearly not all URIs will support all HTTP methods, we wanted to know what methods are widely supported, and how well is the support advertised in HTTP responses. Full range of HTTP method support is crucial for RESTful Web services. Please read our previous blog post for definitions and pointers about REST and HATEOAS. Earlier, we have done a brief analysis of HTTP method support in the HTTP Mailbox paper. We have extended the study to carry out deeper analysis of the same and look at various aspects of it.

We initially sampled 100,000 URIs from the DMOZ and found that only 40,870 URIs were live. Our further analysis was based on the response code, "Allow" header, and "Server" header for OPTIONS request from those live URIs. We found that out of those 40,870 URIs:
  • 55.31% do not advertise which methods they support
  • 4.38% refuse the OPTIONS method, either with a 405 or 501 response code
  • 15.33% support only HEAD, GET, and OPTIONS
  • 38.53% support HEAD, GET, POST, and OPTIONS
  • 0.12% have syntactic errors in how they convey which methods they support
  • 2.99% have RFC compliance issues such as a 200 (OK) response code to an OPTIONS request but OPTIONS is not present in the Allow header, 405 (Method not supported) response code without an Allow header, or 405 response code, but OPTIONS method is present in the Allow header
Below is an example of an OPTIONS request with a successful response:

$ curl -I -X OPTIONS
HTTP/1.1 200 OK
Date: Wed, 07 Aug 2013 23:11:04 GMT
Server: Apache/2.2.17 (Unix) PHP/5.3.5 mod_ssl/2.2.17 OpenSSL/0.9.8q
Content-Length: 0
Content-Type: text/html


The above code illustrates that the URI returns 200 OK response, it uses Apache web server and it supports GET, HEAD, POST, and OPTIONS methods.

The following OPTIONS request illustrates an unsuccessful response which has RFC compliance issue in it:

$ curl -I -X OPTIONS
HTTP/1.1 405 Not Allowed
Content-Type: text/html
Date: Wed, 07 Aug 2013 22:24:05 GMT
Server: nginx
Content-Length: 166
Connection: keep-alive


The above code illustrates that the URI returns 405 Not Allowed response, it uses Nginx web server and it does not tell what methods it allows.

Table 1: Interleaved Method Support Distribution.

Table 1 gives an interleaved distribution of method support. It shows the count and percentage of URIs in our sample set for all the combinations of supported and unsupported methods. If a combination is not listed in the table then it does not occur in our sample set.

In our sample set, about 55% URIs claim support for GET and POST methods, but less than 2% of the URIs claim support for one or more of PUT, PATCH, or DELETE methods. The full technical report can be found at arXiv.


Sawood Alam

No comments:

Post a Comment