diff --git a/enterprise/server/include/sourcemeta/one/enterprise_server_actions.h b/enterprise/server/include/sourcemeta/one/enterprise_server_actions.h index 63cf65d25..840bb7176 100644 --- a/enterprise/server/include/sourcemeta/one/enterprise_server_actions.h +++ b/enterprise/server/include/sourcemeta/one/enterprise_server_actions.h @@ -181,6 +181,13 @@ class ActionMCP_v1 : public sourcemeta::one::RouterAction { response.write_status(status); response.write_header("Content-Type", "application/json"); response.write_header("Access-Control-Allow-Origin", this->allowed_origin_); + // RFC 9110 §15.5.6: 405 responses MUST carry Allow listing supported + // methods. The MCP endpoint accepts POST and OPTIONS only. + // https://datatracker.ietf.org/doc/html/rfc9110#section-15.5.6 + if (std::string_view{status} == + sourcemeta::one::STATUS_METHOD_NOT_ALLOWED) { + response.write_header("Allow", "POST, OPTIONS"); + } // Debuggability echo: not mandated by MCP, but lets clients confirm // which protocol revision the server interpreted. For error paths // where no negotiation succeeded, we echo the spec-default `2025-03-26`. diff --git a/src/actions/action_default_v1.h b/src/actions/action_default_v1.h index d1ea9ea54..ed9724176 100644 --- a/src/actions/action_default_v1.h +++ b/src/actions/action_default_v1.h @@ -106,7 +106,7 @@ class ActionDefault_v1 : public sourcemeta::one::RouterAction { sourcemeta::one::json_error( request, response, sourcemeta::one::STATUS_METHOD_NOT_ALLOWED, "method-not-allowed", "This HTTP method is invalid for this URL", - this->error_schema_); + this->error_schema_, "GET, HEAD"); return; } } diff --git a/src/actions/action_health_check_v1.h b/src/actions/action_health_check_v1.h index d84f9de4c..12b06d556 100644 --- a/src/actions/action_health_check_v1.h +++ b/src/actions/action_health_check_v1.h 
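Review bot: The `"POST, OPTIONS"` literal in the added `Allow` branch is a second copy of the endpoint's method policy, separate from the method dispatch that actually rejects the request (outside this hunk), and the identical block is added again in `src/actions/action_mcp_v1.h`. If a method is later added to or removed from the dispatch, the header will advertise a method surface the server does not implement, which misleads clients and anyone auditing the endpoint from its responses. Consider a single named constant that the dispatch and this writer both use, e.g. `static constexpr std::string_view ALLOWED_METHODS{"POST, OPTIONS"};` and `response.write_header("Allow", ALLOWED_METHODS);`. The enclosing function starts and ends outside the hunk.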
@@ -44,7 +44,7 @@ class ActionHealthCheck_v1 : public sourcemeta::one::RouterAction { sourcemeta::one::json_error( request, response, sourcemeta::one::STATUS_METHOD_NOT_ALLOWED, "method-not-allowed", "This HTTP method is invalid for this URL", - this->error_schema_); + this->error_schema_, "GET, HEAD"); return; } diff --git a/src/actions/action_jsonschema_evaluate_v1.h b/src/actions/action_jsonschema_evaluate_v1.h index 4aa845ad0..c3dcf6567 100644 --- a/src/actions/action_jsonschema_evaluate_v1.h +++ b/src/actions/action_jsonschema_evaluate_v1.h @@ -150,7 +150,7 @@ class ActionJSONSchemaEvaluate_v1 : public sourcemeta::one::RouterAction { sourcemeta::one::json_error( request, response, sourcemeta::one::STATUS_METHOD_NOT_ALLOWED, "method-not-allowed", "This HTTP method is invalid for this URL", - error_schema); + error_schema, "POST, OPTIONS"); return; } @@ -170,11 +170,15 @@ class ActionJSONSchemaEvaluate_v1 : public sourcemeta::one::RouterAction { } if (!evaluation_enabled.has_value()) { + // RFC 9110 §15.5.6: Allow lists the methods this specific target + // resource currently supports. POST hits this very branch (returns + // 405) when the schema was not precompiled, so only OPTIONS is + // actually supported on this URL. sourcemeta::one::json_error( request, response, sourcemeta::one::STATUS_METHOD_NOT_ALLOWED, "no-schema-template", - "This schema was not precompiled for schema evaluation", - error_schema); + "This schema was not precompiled for schema evaluation", error_schema, + "OPTIONS"); return; } diff --git a/src/actions/action_mcp_v1.h b/src/actions/action_mcp_v1.h index e63de9804..71baba92c 100644 --- a/src/actions/action_mcp_v1.h +++ b/src/actions/action_mcp_v1.h 
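Review bot: The two 405 branches of `ActionJSONSchemaEvaluate_v1` now describe the same URL differently: the `no-schema-template` branch sends `Allow: OPTIONS`, while the `method-not-allowed` branch in the previous hunk sends `Allow: POST, OPTIONS`. Judging by the hunk offsets, the method check runs before the `evaluation_enabled` lookup, so a GET to a schema that was not precompiled would be told POST is supported, and the follow-up POST would then be refused with 405. If that ordering is right, either resolve `evaluation_enabled` before the method check and pass `"OPTIONS"` there too, or state the limitation on the first branch, e.g. `// Allow is optimistic here: POST may still be refused with no-schema-template`. Both branches sit in a function whose start and end are outside the hunks.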
@@ -261,6 +261,13 @@ class ActionMCP_v1 : public sourcemeta::one::RouterAction { response.write_status(status); response.write_header("Content-Type", "application/json"); response.write_header("Access-Control-Allow-Origin", this->allowed_origin_); + // RFC 9110 §15.5.6: 405 responses MUST carry Allow listing supported + // methods. The MCP endpoint accepts POST and OPTIONS only. + // https://datatracker.ietf.org/doc/html/rfc9110#section-15.5.6 + if (std::string_view{status} == + sourcemeta::one::STATUS_METHOD_NOT_ALLOWED) { + response.write_header("Allow", "POST, OPTIONS"); + } // Debuggability echo: not mandated by MCP, but lets clients confirm // which protocol revision the server interpreted. For error paths // where no negotiation succeeded, we echo the spec-default `2025-03-26`. diff --git a/src/actions/action_schema_search_v1.h b/src/actions/action_schema_search_v1.h index 7e8512e75..a9096774b 100644 --- a/src/actions/action_schema_search_v1.h +++ b/src/actions/action_schema_search_v1.h @@ -61,7 +61,7 @@ class ActionSchemaSearch_v1 : public sourcemeta::one::RouterAction { sourcemeta::one::json_error( request, response, sourcemeta::one::STATUS_METHOD_NOT_ALLOWED, "method-not-allowed", "This HTTP method is invalid for this URL", - this->error_schema_); + this->error_schema_, "GET"); return; } diff --git a/src/actions/action_serve_static_v1.h b/src/actions/action_serve_static_v1.h index cd21d83bf..334a92837 100644 --- a/src/actions/action_serve_static_v1.h +++ b/src/actions/action_serve_static_v1.h @@ -47,7 +47,7 @@ class ActionServeStatic_v1 : public sourcemeta::one::RouterAction { sourcemeta::one::json_error( request, response, sourcemeta::one::STATUS_METHOD_NOT_ALLOWED, "method-not-allowed", "This HTTP method is invalid for this URL", - this->error_schema_); + this->error_schema_, "GET, HEAD"); return; } diff --git a/src/http/include/sourcemeta/one/http_helpers.h b/src/http/include/sourcemeta/one/http_helpers.h index bdbd1a1fe..49050be3c 100644 
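Review bot: `"GET"` in `ActionSchemaSearch_v1` is the only read endpoint in this commit that does not advertise `HEAD`; every other GET handler passes `"GET, HEAD"`. The method check itself is outside the hunk, so the value may be accurate, but the hurl tests only send POST to `/self/v1/api/schemas/search`, so nothing pins the HEAD behaviour. Add a HEAD request to `schemas-search.all.hurl` expecting 405 with `Allow: GET`, or change the literal to `"GET, HEAD"` if the handler does answer HEAD.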
--- a/src/http/include/sourcemeta/one/http_helpers.h +++ b/src/http/include/sourcemeta/one/http_helpers.h @@ -53,8 +53,8 @@ inline auto send_response(const char *const code, const HTTPRequest &request, // See https://www.rfc-editor.org/rfc/rfc7807 inline auto json_error(const HTTPRequest &request, HTTPResponse &response, const char *const code, std::string &&identifier, - std::string &&message, const std::string_view schema) - -> void { + std::string &&message, const std::string_view schema, + const std::string_view allow = {}) -> void { auto object{sourcemeta::core::JSON::make_object()}; object.assign("title", sourcemeta::core::JSON{"sourcemeta:one/" + std::move(identifier)}); @@ -64,6 +64,11 @@ inline auto json_error(const HTTPRequest &request, HTTPResponse &response, response.write_status(code); response.write_header("Content-Type", "application/problem+json"); response.write_header("Access-Control-Allow-Origin", "*"); + // RFC 9110 §15.5.6: 405 responses MUST carry Allow listing supported methods. + // https://datatracker.ietf.org/doc/html/rfc9110#section-15.5.6 + if (!allow.empty() && std::string_view{code} == STATUS_METHOD_NOT_ALLOWED) { + response.write_header("Allow", allow); + } if (!schema.empty()) { write_link_header(response, schema); } diff --git a/src/router/artifact.cc b/src/router/artifact.cc index 7197f6f32..e5779f149 100644 --- a/src/router/artifact.cc +++ b/src/router/artifact.cc @@ -116,7 +116,7 @@ auto RouterAction::artifact_serve( sourcemeta::one::json_error( request, response, sourcemeta::one::STATUS_METHOD_NOT_ALLOWED, "method-not-allowed", "This HTTP method is invalid for this URL", - error_schema); + error_schema, "GET, HEAD"); return; } diff --git a/test/e2e/empty/hurl/mcp-2025-11-25.all.hurl b/test/e2e/empty/hurl/mcp-2025-11-25.all.hurl index 116d3213a..9ff30ca28 100644 --- a/test/e2e/empty/hurl/mcp-2025-11-25.all.hurl +++ b/test/e2e/empty/hurl/mcp-2025-11-25.all.hurl 
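Review bot: The defaulted `allow = {}` lets any caller pass `STATUS_METHOD_NOT_ALLOWED` without an `Allow` value, and the guard added in the body then silently omits the header that the cited RFC section requires. Every 405 call site visible in this diff passes a value, but a future one would compile and ship without it. Consider making the omission loud in debug builds with `assert(std::string_view{code} != STATUS_METHOD_NOT_ALLOWED || !allow.empty());` (needs `<cassert>` if this header does not already include it). Also document the parameter: `// allow: comma-separated methods for the Allow header; only used for 405; pass a literal, never request-derived text`.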
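Review bot: `Allow` is written right after `Access-Control-Allow-Origin: *`, but it is not a CORS-safelisted response header, so browser scripts calling these endpoints cross-origin cannot read it. Unless an `Access-Control-Expose-Headers` header is written elsewhere (not visible in this hunk), add `response.write_header("Access-Control-Expose-Headers", "Allow");` inside the same `if`. The value is also handed to `write_header` verbatim, and whether `write_header` rejects CR/LF is not visible here, so keep every `allow` argument a string literal as the current callers do. The body of `json_error` continues outside the hunk.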
@@ -2,6 +2,7 @@ GET {{base}}/self/v1/mcp HTTP 405 Content-Type: application/json Access-Control-Allow-Origin: http://localhost:8000 +Allow: POST, OPTIONS Link: ; rel="describedby" MCP-Protocol-Version: 2025-03-26 [Captures] @@ -33,6 +34,7 @@ DELETE {{base}}/self/v1/mcp HTTP 405 Content-Type: application/json Access-Control-Allow-Origin: http://localhost:8000 +Allow: POST, OPTIONS Link: ; rel="describedby" MCP-Protocol-Version: 2025-03-26 [Captures] @@ -64,6 +66,7 @@ PUT {{base}}/self/v1/mcp HTTP 405 Content-Type: application/json Access-Control-Allow-Origin: http://localhost:8000 +Allow: POST, OPTIONS Link: ; rel="describedby" MCP-Protocol-Version: 2025-03-26 [Captures] diff --git a/test/e2e/headless/hurl/fetch.all.hurl b/test/e2e/headless/hurl/fetch.all.hurl index b9b585f14..008214b78 100644 --- a/test/e2e/headless/hurl/fetch.all.hurl +++ b/test/e2e/headless/hurl/fetch.all.hurl @@ -215,6 +215,7 @@ POST {{base}}/test/schemas/string.json HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists @@ -228,6 +229,7 @@ DELETE {{base}}/test/schemas/string.json HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists diff --git a/test/e2e/headless/hurl/health.all.hurl b/test/e2e/headless/hurl/health.all.hurl index 3d8462e54..e5f3047d7 100644 --- a/test/e2e/headless/hurl/health.all.hurl +++ b/test/e2e/headless/hurl/health.all.hurl @@ -23,6 +23,7 @@ POST {{base}}/self/v1/health HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists 
@@ -35,6 +36,7 @@ PUT {{base}}/self/v1/health HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists @@ -47,6 +49,7 @@ DELETE {{base}}/self/v1/health HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists @@ -59,6 +62,7 @@ PATCH {{base}}/self/v1/health HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists @@ -71,6 +75,7 @@ OPTIONS {{base}}/self/v1/health HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists diff --git a/test/e2e/headless/hurl/no-static.all.hurl b/test/e2e/headless/hurl/no-static.all.hurl index 717a162c5..7c7747dd2 100644 --- a/test/e2e/headless/hurl/no-static.all.hurl +++ b/test/e2e/headless/hurl/no-static.all.hurl @@ -25,6 +25,7 @@ POST {{base}}/self/v1/static/style.min.css HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists @@ -37,6 +38,7 @@ PUT {{base}}/self/v1/static/style.min.css HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists @@ -49,6 +51,7 @@ DELETE {{base}}/self/v1/static/style.min.css HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists 
diff --git a/test/e2e/headless/hurl/schemas-dependencies.all.hurl b/test/e2e/headless/hurl/schemas-dependencies.all.hurl index ef0211087..be08330dd 100644 --- a/test/e2e/headless/hurl/schemas-dependencies.all.hurl +++ b/test/e2e/headless/hurl/schemas-dependencies.all.hurl @@ -144,6 +144,7 @@ POST {{base}}/self/v1/api/schemas/dependencies/test/schemas/no-id HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD Link: ; rel="describedby" [Captures] last_response: body diff --git a/test/e2e/headless/hurl/schemas-dependents.all.hurl b/test/e2e/headless/hurl/schemas-dependents.all.hurl index 26501f6e0..dea321ba1 100644 --- a/test/e2e/headless/hurl/schemas-dependents.all.hurl +++ b/test/e2e/headless/hurl/schemas-dependents.all.hurl @@ -162,6 +162,7 @@ POST {{base}}/self/v1/api/schemas/dependents/test/schemas/bundling-double HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD Link: ; rel="describedby" [Captures] last_response: body diff --git a/test/e2e/headless/hurl/schemas-evaluate.all.hurl b/test/e2e/headless/hurl/schemas-evaluate.all.hurl index 6641ae9cf..39ab81687 100644 --- a/test/e2e/headless/hurl/schemas-evaluate.all.hurl +++ b/test/e2e/headless/hurl/schemas-evaluate.all.hurl @@ -144,6 +144,7 @@ Content-Type: application/problem+json "Hello World" HTTP 405 Access-Control-Allow-Origin: * +Allow: OPTIONS Link: ; rel="describedby" [Captures] last_response: body diff --git a/test/e2e/headless/hurl/schemas-locations.all.hurl b/test/e2e/headless/hurl/schemas-locations.all.hurl index 2a38c9935..e09c62f55 100644 --- a/test/e2e/headless/hurl/schemas-locations.all.hurl +++ b/test/e2e/headless/hurl/schemas-locations.all.hurl @@ -101,6 +101,7 @@ POST {{base}}/self/v1/api/schemas/locations/test/schemas/no-id HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD Link: ; rel="describedby" [Captures] last_response: body 
diff --git a/test/e2e/headless/hurl/schemas-metadata.all.hurl b/test/e2e/headless/hurl/schemas-metadata.all.hurl index d798bda9c..496544319 100644 --- a/test/e2e/headless/hurl/schemas-metadata.all.hurl +++ b/test/e2e/headless/hurl/schemas-metadata.all.hurl @@ -124,6 +124,7 @@ POST {{base}}/self/v1/api/schemas/metadata/test/schemas/no-id HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD Link: ; rel="describedby" [Captures] last_response: body diff --git a/test/e2e/headless/hurl/schemas-positions.all.hurl b/test/e2e/headless/hurl/schemas-positions.all.hurl index 883e7b5ed..050eb3fd3 100644 --- a/test/e2e/headless/hurl/schemas-positions.all.hurl +++ b/test/e2e/headless/hurl/schemas-positions.all.hurl @@ -69,6 +69,7 @@ POST {{base}}/self/v1/api/schemas/positions/test/schemas/no-id HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD Link: ; rel="describedby" [Captures] last_response: body diff --git a/test/e2e/headless/hurl/schemas-search.all.hurl b/test/e2e/headless/hurl/schemas-search.all.hurl index 7077e9825..d3a1ef2ec 100644 --- a/test/e2e/headless/hurl/schemas-search.all.hurl +++ b/test/e2e/headless/hurl/schemas-search.all.hurl @@ -122,6 +122,7 @@ POST {{base}}/self/v1/api/schemas/search?q=foo HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET Link: ; rel="describedby" [Captures] last_response: body diff --git a/test/e2e/headless/hurl/schemas-stats.all.hurl b/test/e2e/headless/hurl/schemas-stats.all.hurl index 13bd2ec3e..bc8ea8972 100644 --- a/test/e2e/headless/hurl/schemas-stats.all.hurl +++ b/test/e2e/headless/hurl/schemas-stats.all.hurl @@ -52,6 +52,7 @@ POST {{base}}/self/v1/api/schemas/stats/test/schemas/no-id HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD Link: ; rel="describedby" [Captures] last_response: body 
diff --git a/test/e2e/headless/hurl/schemas-trace.all.hurl b/test/e2e/headless/hurl/schemas-trace.all.hurl index c71358c9d..da6bc0b9d 100644 --- a/test/e2e/headless/hurl/schemas-trace.all.hurl +++ b/test/e2e/headless/hurl/schemas-trace.all.hurl @@ -102,6 +102,7 @@ Content-Type: application/problem+json "Hello World" HTTP 405 Access-Control-Allow-Origin: * +Allow: OPTIONS Link: ; rel="describedby" [Captures] last_response: body diff --git a/test/e2e/html/hurl/fetch.all.hurl b/test/e2e/html/hurl/fetch.all.hurl index bf005f026..83c5023c8 100644 --- a/test/e2e/html/hurl/fetch.all.hurl +++ b/test/e2e/html/hurl/fetch.all.hurl @@ -364,6 +364,7 @@ POST {{base}}/test/schemas/string.json HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists @@ -390,6 +391,7 @@ DELETE {{base}}/test/schemas/string.json HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists diff --git a/test/e2e/html/hurl/health.all.hurl b/test/e2e/html/hurl/health.all.hurl index 3d8462e54..e5f3047d7 100644 --- a/test/e2e/html/hurl/health.all.hurl +++ b/test/e2e/html/hurl/health.all.hurl @@ -23,6 +23,7 @@ POST {{base}}/self/v1/health HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists @@ -35,6 +36,7 @@ PUT {{base}}/self/v1/health HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists 
@@ -47,6 +49,7 @@ DELETE {{base}}/self/v1/health HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists @@ -59,6 +62,7 @@ PATCH {{base}}/self/v1/health HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists @@ -71,6 +75,7 @@ OPTIONS {{base}}/self/v1/health HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists diff --git a/test/e2e/html/hurl/html.all.hurl b/test/e2e/html/hurl/html.all.hurl index 220519b90..d60ee054c 100644 --- a/test/e2e/html/hurl/html.all.hurl +++ b/test/e2e/html/hurl/html.all.hurl @@ -1,5 +1,8 @@ OPTIONS {{base}} HTTP 405 +Content-Type: application/problem+json +Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists diff --git a/test/e2e/html/hurl/schemas-dependencies.all.hurl b/test/e2e/html/hurl/schemas-dependencies.all.hurl index 95f4aa7e9..d53b24712 100644 --- a/test/e2e/html/hurl/schemas-dependencies.all.hurl +++ b/test/e2e/html/hurl/schemas-dependencies.all.hurl @@ -242,6 +242,7 @@ POST {{base}}/self/v1/api/schemas/dependencies/test/v2.0/schema HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD Link: ; rel="describedby" [Captures] last_response: body diff --git a/test/e2e/html/hurl/schemas-dependents.all.hurl b/test/e2e/html/hurl/schemas-dependents.all.hurl index 90ded0899..227fb0d4b 100644 --- a/test/e2e/html/hurl/schemas-dependents.all.hurl +++ b/test/e2e/html/hurl/schemas-dependents.all.hurl 
@@ -260,6 +260,7 @@ POST {{base}}/self/v1/api/schemas/dependents/test/bundling/double HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD Link: ; rel="describedby" [Captures] last_response: body diff --git a/test/e2e/html/hurl/schemas-evaluate.all.hurl b/test/e2e/html/hurl/schemas-evaluate.all.hurl index 6641ae9cf..39ab81687 100644 --- a/test/e2e/html/hurl/schemas-evaluate.all.hurl +++ b/test/e2e/html/hurl/schemas-evaluate.all.hurl @@ -144,6 +144,7 @@ Content-Type: application/problem+json "Hello World" HTTP 405 Access-Control-Allow-Origin: * +Allow: OPTIONS Link: ; rel="describedby" [Captures] last_response: body diff --git a/test/e2e/html/hurl/schemas-locations.all.hurl b/test/e2e/html/hurl/schemas-locations.all.hurl index 0ade8ed22..b9747ed98 100644 --- a/test/e2e/html/hurl/schemas-locations.all.hurl +++ b/test/e2e/html/hurl/schemas-locations.all.hurl @@ -101,6 +101,7 @@ POST {{base}}/self/v1/api/schemas/locations/test/v2.0/schema HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD Link: ; rel="describedby" [Captures] last_response: body diff --git a/test/e2e/html/hurl/schemas-metadata.all.hurl b/test/e2e/html/hurl/schemas-metadata.all.hurl index 9d10428d5..e7ce136b8 100644 --- a/test/e2e/html/hurl/schemas-metadata.all.hurl +++ b/test/e2e/html/hurl/schemas-metadata.all.hurl @@ -126,6 +126,7 @@ POST {{base}}/self/v1/api/schemas/metadata/test/v2.0/schema HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD Link: ; rel="describedby" [Captures] last_response: body diff --git a/test/e2e/html/hurl/schemas-positions.all.hurl b/test/e2e/html/hurl/schemas-positions.all.hurl index 8260c9cf6..a03cdb22e 100644 --- a/test/e2e/html/hurl/schemas-positions.all.hurl +++ b/test/e2e/html/hurl/schemas-positions.all.hurl 
@@ -69,6 +69,7 @@ POST {{base}}/self/v1/api/schemas/positions/test/v2.0/schema HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD Link: ; rel="describedby" [Captures] last_response: body diff --git a/test/e2e/html/hurl/schemas-search.all.hurl b/test/e2e/html/hurl/schemas-search.all.hurl index 58ae55738..3112f4ea1 100644 --- a/test/e2e/html/hurl/schemas-search.all.hurl +++ b/test/e2e/html/hurl/schemas-search.all.hurl @@ -122,6 +122,7 @@ POST {{base}}/self/v1/api/schemas/search?q=foo HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET Link: ; rel="describedby" [Captures] last_response: body diff --git a/test/e2e/html/hurl/schemas-stats.all.hurl b/test/e2e/html/hurl/schemas-stats.all.hurl index 93a289e56..cc67557ec 100644 --- a/test/e2e/html/hurl/schemas-stats.all.hurl +++ b/test/e2e/html/hurl/schemas-stats.all.hurl @@ -52,6 +52,7 @@ POST {{base}}/self/v1/api/schemas/stats/test/v2.0/schema HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD Link: ; rel="describedby" [Captures] last_response: body diff --git a/test/e2e/html/hurl/schemas-trace.all.hurl b/test/e2e/html/hurl/schemas-trace.all.hurl index 8a7d68b5a..4522f5b54 100644 --- a/test/e2e/html/hurl/schemas-trace.all.hurl +++ b/test/e2e/html/hurl/schemas-trace.all.hurl @@ -406,6 +406,7 @@ Content-Type: application/problem+json "Hello World" HTTP 405 Access-Control-Allow-Origin: * +Allow: OPTIONS Link: ; rel="describedby" [Captures] last_response: body diff --git a/test/e2e/path/hurl/fetch-draft3.all.hurl b/test/e2e/path/hurl/fetch-draft3.all.hurl index e9d4468e9..94632cd73 100644 --- a/test/e2e/path/hurl/fetch-draft3.all.hurl +++ b/test/e2e/path/hurl/fetch-draft3.all.hurl 
@@ -134,6 +134,7 @@ POST {{base}}/v1/catalog/draft3/string.json HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists diff --git a/test/e2e/path/hurl/fetch.all.hurl b/test/e2e/path/hurl/fetch.all.hurl index 41dc74445..58456df0c 100644 --- a/test/e2e/path/hurl/fetch.all.hurl +++ b/test/e2e/path/hurl/fetch.all.hurl @@ -292,6 +292,7 @@ POST {{base}}/v1/catalog/example/string.json HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists diff --git a/test/e2e/path/hurl/health.all.hurl b/test/e2e/path/hurl/health.all.hurl index 2a1713dea..d85d6b9e6 100644 --- a/test/e2e/path/hurl/health.all.hurl +++ b/test/e2e/path/hurl/health.all.hurl @@ -23,6 +23,7 @@ POST {{base}}/v1/catalog/self/v1/health HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists @@ -35,6 +36,7 @@ PUT {{base}}/v1/catalog/self/v1/health HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists @@ -47,6 +49,7 @@ DELETE {{base}}/v1/catalog/self/v1/health HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists @@ -59,6 +62,7 @@ PATCH {{base}}/v1/catalog/self/v1/health HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists 
@@ -71,6 +75,7 @@ OPTIONS {{base}}/v1/catalog/self/v1/health HTTP 405 Content-Type: application/problem+json Access-Control-Allow-Origin: * +Allow: GET, HEAD [Asserts] header "Referrer-Policy" not exists header "Content-Security-Policy" not exists diff --git a/test/e2e/path/hurl/mcp-2025-11-25.all.hurl b/test/e2e/path/hurl/mcp-2025-11-25.all.hurl index 9b46c516e..e2d09964b 100644 --- a/test/e2e/path/hurl/mcp-2025-11-25.all.hurl +++ b/test/e2e/path/hurl/mcp-2025-11-25.all.hurl @@ -2,6 +2,7 @@ GET {{base}}/v1/catalog/self/v1/mcp HTTP 405 Content-Type: application/json Access-Control-Allow-Origin: http://localhost:8000 +Allow: POST, OPTIONS Link: ; rel="describedby" MCP-Protocol-Version: 2025-03-26 [Captures] @@ -33,6 +34,7 @@ DELETE {{base}}/v1/catalog/self/v1/mcp HTTP 405 Content-Type: application/json Access-Control-Allow-Origin: http://localhost:8000 +Allow: POST, OPTIONS Link: ; rel="describedby" MCP-Protocol-Version: 2025-03-26 [Captures] @@ -64,6 +66,7 @@ PUT {{base}}/v1/catalog/self/v1/mcp HTTP 405 Content-Type: application/json Access-Control-Allow-Origin: http://localhost:8000 +Allow: POST, OPTIONS Link: ; rel="describedby" MCP-Protocol-Version: 2025-03-26 [Captures]