HTTP response status for unknown (nonexistent) HTTP method

Question

Let's say I've got route /posts. It only implements GET HTTP method.

If someone tries to access it with different, existing method (POST, PUT, etc.) I return 405.

What should I return in case someone tries using some unsupported, nonexistent method like MYCUSTOMMETHOD or SFASFS? 405 method not allowed or rather 501 not implemented or maybe even 400 bad request (seems to be default behaviour in node express) , as such methods are not in HTTP specs?

Answer 1

I found this post today but it's an interesting question and thus answering to a very old question since there's no single answer here surprisingly.

I had found somewhere in tweeter regarding this issue exactly and most votes were to 405 - Method Not Allowed because this is not a server side issue but client sent request with bad method.

But MDN Docs states exactly opposite to it.

501 is the appropriate response when the server does not recognize the request method and is incapable of supporting it for any resource. The only methods that servers are required to support (and therefore that must not return 501) are GET and HEAD.

If the server does recognize the method, but intentionally does not support it, the appropriate response is 405 Method Not Allowed.

Thus, it creates a dilemma for developers. Which one to choose between 405 and 501? But to be honest, I will go with the MDN.

Here's why:

• Client sends request with UNKNOWN method.
• A good server cares everything that client sends!
• Server responds: "Hey, client! It's unknown to me. And it's not implemented. 501
• A careless server ignores some unknown issues.
• Server responds: "Hey, client! You're not allowed to do that! And it's not allowed. 405

To conclude: Choose 501 - Method Not Implemented for UNKNOWN methods.