I am building a RESTful API. When the client uses an unsupported method such as POST on a resource that does not supports it, I am returning a 405 with the Allow header which lists the allowed methods:
Status Code: 405 Method Not Allowed
Allow: GET, HEAD, OPTIONS
Connection: keep-alive
Date: Mon, 08 Apr 2013 00:19:26 GMT
Transfer-Encoding: chunked
Is it allowed to have a body (to provide an error message) for 405 responses?
From the w3c's site, it is not apparent whether a body is allowed for 405 responses.
The HTTP/1.1 protocol spec states in the "message length" section:
Any response message which "MUST NOT" include a message-body (the 1xx, 204, and 304 responses and any response to a HEAD request) is always terminated by the first empty line after the header fields, regardless of the entity-header fields present in the message.
A message body is optional for all 4xx-5xx codes as long as the HTTP method is not HEAD.