OPTIONS request authentication

Question

I am developing a web application. It is using Basic authentication. It must process OPTIONS requests. These are web browser preflight requests as well as feature-support re

Answer 1

from http://www.w3.org/Protocols/rfc2616/rfc2616-sec9.html:

The OPTIONS method represents a request for information about the communication options available on the request/response chain identified by the Request-URI. This method allows the client to determine the options and/or requirements associated with a resource, or the capabilities of a server, without implying a resource action or initiating a resource retrieval.

So OPTIONS might be specific to the server or might be specific to a resource, it depends on your application. If you use cross-origin resource sharing (CORS, e.g. trying an XMLHttpRequest to another server) it will send an OPTIONS request to check if the server expects cross-origin requests for the specific resource before following with a POST request. So in this case OPTIONS should behave resource-specific. For WebDAV a server-specific OPTIONS might be enough because the client does it only to check the allowed methods (e.g. if WebDAV methods are supported).