-
Steven Allen authored
Allowing methods isn't as simple as just allowing/disallowing them because different methods do different things. * HEAD: should be allowed everywhere GET is allowed. * OPTIONS: * When a CORS request is made, this will be handled by the CORS library. * Otherewise, we need to return the allowed methods. * POST: always allowed. * Everything else: always denied. Changing HandledMethods to a simple AllowGet makes it easier to "do the right thing".
3093cad8
