15👍
Did you intend for you application to handle HEAD requests, or are these coming from some anonymous source? You certainly aren’t obligated to honor a HEAD request. You can just return with a status code of 405 (Method not allowed) and provide the Allow header with GET or whatever you mean to handle.
I don’t think that manually setting request.method to GET is meaningful; in all probability, you are just returning a response that is larger than what the requester wanted. They just wanted to see the headers for the response. If you don’t want to handle the HEAD, do the 405 and Allow header approach.
Generally, a client sends a HEAD request because they are trying to be smart about not handling a full response if they don’t need to. They are checking to see if the Content-Length has changed since the last time that they saw the response, or they want to see the Last-Modified or Expires header.
It is certainly well-behaved for your application to gracefully handle HEAD requests, but you don’t have to.