405 Method Not Allowed is missing the Allow header.

[brackendawson]

Description

https://tools.ietf.org/html/rfc7231#section-6.5.5 says

The origin server MUST generate an Allow header field in a 405 response containing a list of the target resource's currently supported methods.

gin does not do this with HandleMethodNotAllowed set to true. Also it is arguable that even with this setting enabled, all HTTP/1.0 requests should still be given a 404 error as HTTP 1.0 does not define 405.

How to reproduce

Server:

package main

import (
	"net/http"

	"github.com/gin-gonic/gin"
)

func main() {
	router := gin.Default()
	router.GET("hi", func(c *gin.Context) {
		name := c.Param("name")
		c.String(http.StatusOK, "Hello %s", name)
	})
	router.HandleMethodNotAllowed = true
	router.Run()
}

Test:

$ curl -D- localhost:8080/hi -XPOST

Expectations

HTTP/1.0 405 Method Not Allowed
Allow: GET

Actual result

HTTP/1.0 405 Method Not Allowed
Content-Type: text/plain
Date: Mon, 25 May 2020 21:53:14 GMT
Content-Length: 22

405 method not allowed

Environment

• go version: go version go1.14.3 darwin/amd64
• gin version (or commit ref): v1.6.3
• operating system: Mac

[lgrossi]

Hi, I saw there is a PR for this issue. Is there an ETA for when it's going to be released?