How to complete the challenge OPTIONS /todos (200)
We can use OPTIONS request to identify the allowed verbs for an API End Point. This is useful to compare these with the Swagger/Open API documentation and also to check if the unlisted verbs are actually disallowed by the API.
OPTIONS /todos (200)
Issue an OPTIONS request on the
/todosend point. You might want to manually check the 'Allow' header in the response is as expected.
OPTIONSrequest will receive a response with no body, just headers if the provided end point exists i.e the/todosend point- e.g.
OPTIONS /todosto show the allowed verbs for thetodosendpoint
- e.g.
200is a success code, in this case it means the end point exists and theOPTIONSverb is allowed- The body of the message is empty
- add the
X-CHALLENGERheader to track progress - the important header in the response is the
allowheader as this lists all the allowed verbs to use on the end point.
Basic Instructions
- Issue an
OPTIONSrequest to end point "/todos"- if running locally that endpoint would be
https://apichallenges.eviltester.com/todos
- if running locally that endpoint would be
- The request should have an
X-CHALLENGERheader to track challenge completion - The response status code should be
200when all the details are valid. - Check the
allowheader in the response has valid values
As a set of follow on exercises:
- try
OPTIONSon a few other endpoints in the API and see if theallowvalues are different. - Try to issue requests for each of the allowed verbs.
Example Request
> OPTIONS /todos HTTP/1.1
> Host: apichallenges.eviltester.com
> User-Agent: insomnia/2020.3.3
> X-CHALLENGER: x-challenger-guid
> Accept: */*
Example Response
< HTTP/1.1 200 OK
< Connection: close
< Date: Mon, 12 Apr 2021 09:41:34 GMT
< Allow: OPTIONS, GET, HEAD, POST
< Access-Control-Allow-Origin: *
< Access-Control-Allow-Headers: *
< X-Challenger: x-challenger-guid
< Content-Type: text/html;charset=utf-8
< Server: Jetty(9.4.z-SNAPSHOT)
< Via: 1.1 vegur