prometheus
diff --git a/‎docs/content/exporting/http/_index.md
Lines changed: 24 additions & 1 deletion
< 8000 /ul> b/‎docs/content/exporting/http/_index.md
Lines changed: 24 additions & 1 deletion
< 8000 /ul>
diff --git a/‎prometheus_client/exposition.py
Lines changed: 19 additions & 1 deletion b/‎prometheus_client/exposition.py
Lines changed: 19 additions & 1 deletion
diff --git a/‎tox.ini
Lines changed: 2 additions & 2 deletions b/‎tox.ini
Lines changed: 2 additions & 2 deletions
@@ -52,4 +52,27 @@ chain is used (see Python [ssl.SSLContext.load_default_certs()](https://docs.pyt
 from prometheus_client import start_http_server
 
 start_http_server(8000, certfile="server.crt", keyfile="server.key")
-```
+```
+
+# Supported HTTP methods
+
+The prometheus client will handle the following HTTP methods and resources:
+
+* `OPTIONS /*` - returns HTTP status 200 and an 'Allow' header indicating the
+  allowed methods (OPTIONS, GET)
+* `GET /` - returns HTTP status 200 and the metrics data
+* `GET /metrics` - returns HTTP status 200 and the metrics data
+* `GET /favicon.ico` - returns HTTP status 200 and an empty response body. Some
+  browsers support this to display the returned icon in the browser tab.
+
+Other resources than these on the allowed OPTIONS and GET methods are rejected
+with HTTP status 404 "Resource Not Found".
+
+Other HTTP methods than these are rejected with HTTP status 405 "Method Not Allowed"
+and an 'Allow' header indicating the allowed methods (OPTIONS, GET).
+
+Any returned HTTP errors are also displayed in the response body after a hash
+sign and with a brief hint. Example:
+```
+# HTTP 405 Method Not Allowed: XXX; use OPTIONS or GET
+```
@@ -118,11 +118,29 @@ def prometheus_app(environ, start_response):
         accept_header = environ.get('HTTP_ACCEPT')
         accept_encoding_header = environ.get('HTTP_ACCEPT_ENCODING')
         params = parse_qs(environ.get('QUERY_STRING', ''))
-        if environ['PATH_INFO'] == '/favicon.ico':
+
+        if environ['REQUEST_METHOD'] == 'OPTIONS':
+            if environ['PATH_INFO'] == '/*':
+                status = '200 OK'
+                headers = [('Allow', 'OPTIONS,GET')]
+            else:
+                status = '404 Resource not found: '
+                headers = [('', '')]
+                output = '# HTTP {}: {}; use /*\n'.format(status, environ['PATH_INFO']).encode()
+        elif environ['REQUEST_METHOD'] != 'GET':
+            status = '405 Method Not Allowed'
+            headers = [('Allow', 'OPTIONS,GET')]
+            output = '# HTTP {}: {}; use OPTIONS or GET\n'.format(status, environ['REQUEST_METHOD']).encode()
+        elif environ['PATH_INFO'] == '/favicon.ico':
             # Serve empty response for browsers
             status = '200 OK'
             headers = [('', '')]
             output = b''
+        elif environ['PATH_INFO'].strip('/') not in ('', 'metrics'):
+            status = '404 Resource not found'
+            headers = [('', '')]
+            output = '# HTTP {}: {}; use / or /metrics\n'.format(status, environ['PATH_INFO']).encode()
         else:
             # Bake output
             status, headers, output = _bake_output(registry, accept_header, accept_encoding_header, params, disable_compression)
 
@@ -7,8 +7,8 @@ deps =
     pytest
     attrs
     {py3.8,pypy3.8}: twisted
-    py3.8: asgiref
-    # See https://github.com/django/asgiref/issues/393 for why we need to pin asgiref for pypy
+    # See https://github.com/django/asgiref/issues/393 for why we need to pin asgiref
+    py3.8: asgiref==3.6.0
     pypy3.8: asgiref==3.6.0
 commands = coverage run --parallel -m pytest {posargs}