(else (bad-request "Invalid method: ~a" (substring str start end)))))

Another problem with the old implementation – AFAICT, this does a  “400 Bad Request”. However, at least when the syntax/grammar/... is correct, it should be a 501 instead.

>An origin server that receives a request method that is unrecognized or not implemented SHOULD respond with the 501 (Not Implemented) status code. An origin server that receives a request method that is recognized and implemented, but not allowed for the target resource, SHOULD respond with the 405 (Method Not Allowed) status code.

Given the proposal to (in this procedure) allow all methods (at least all grammatical methods) in a new implementation, it seems this won’t be this method’s responsibility anymore, though.

Best regards,

Maxime Devos