Context Navigation

← Previous Change
Next Change →

Changeset 1428 for draft-ietf-httpbis

Timestamp:

01/09/11 08:55:31 (10 years ago)

Author:

julian.reschke@…

Message:

explain types of redirects, history of changes, and allow POST->GET rewriting for 301/302 (see [160])

Location:

draft-ietf-httpbis/latest

Files:

: 2 edited

p2-semantics.html (modified) (14 diffs)
p2-semantics.xml (modified) (6 diffs)

Legend:

: Unmodified
: Added
: Removed

draft-ietf-httpbis/latest/p2-semantics.html

-                      r1427
+                      r1428
       <h2 id="rfc.section.7.3"><a href="#rfc.section.7.3">7.3</a>&nbsp;<a id="status.3xx" href="#status.3xx">Redirection 3xx</a></h2>
       <p id="rfc.section.7.3.p.1">This class of status code indicates that further action needs to be taken by the user agent in order to fulfill the request.
+         The action required <em class="bcp14">MAY</em> be carried out by the user agent without interaction with the user if and only if the method used in the second request is
+         known to be "safe", as defined in <a href="#safe.methods" title="Safe Methods">Section&nbsp;6.1.1</a>. A client <em class="bcp14">SHOULD</em> detect infinite redirection loops, since such loops generate network traffic for each redirection.
+      </p>
+      <div class="note" id="rfc.section.7.3.p.2">
+         <p> <b>Note:</b> An earlier version of this specification recommended a maximum of five redirections (<a href="#RFC2068" id="rfc.xref.RFC2068.1"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a>, <a href="http://tools.ietf.org/html/rfc2068#section-10.3">Section 10.3</a>). Content developers need to be aware that some clients might implement such a fixed limitation.
+         If the required action involves a subsequent HTTP request, it <em class="bcp14">MAY</em> be carried out by the user agent without interaction with the user if and only if the method used in the second request is
+         known to be "safe", as defined in <a href="#safe.methods" title="Safe Methods">Section&nbsp;6.1.1</a>.
+      </p>
+      <p id="rfc.section.7.3.p.2">There are several types of redirects: </p>
+      <ol>
+         <li>
+            <p>Redirects of the request to another URI, either temporarily or permanently. The new URI is specified in the Location header
+               field. In this specification, the status codes 301 (Moved Permanently), 302 (Found), and 307 (Temporary Redirect) fall under
+               this category.
+            </p>
+         </li>
+         <li>
+            <p>Redirection to a new location that represents an indirect response to the request, such as the result of a POST operation
+               to be retrieved with a subsequent GET request. This is status code 303 (See Other).
+            </p>
+         </li>
+         <li>
+            <p>Redirection offering a choice of matching resources for use by agent-driven content negotiation (<a href="p3-payload.html#agent-driven.negotiation" title="Agent-driven Negotiation">Section 5.2</a> of <a href="#Part3" id="rfc.xref.Part3.7"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>). This is status code 300 (Multiple Choices).
+            </p>
+         </li>
+         <li>
+            <p>Other kinds of redirection, such as to a cached result (status code 304 (Not Modified)).</p>
+         </li>
+      </ol>
+      <div class="note" id="rfc.section.7.3.p.3">
+         <p> <b>Note:</b> In HTTP/1.0, only the status codes 301 (Moved Permanently) and 302 (Found) were defined for the first type of redirect, and
+            the second type did not exist at all (<a href="#RFC1945" id="rfc.xref.RFC1945.1"><cite title="Hypertext Transfer Protocol -- HTTP/1.0">[RFC1945]</cite></a>, <a href="http://tools.ietf.org/html/rfc1945#section-9.3">Section 9.3</a>). However it turned out that web forms using POST expected redirects to change the operation for the subsequent request to
+            retrieval (GET). To address this use case, HTTP/1.1 introduced the second type of redirect with the status code 303 (See Other)
+            (<a href="#RFC2068" id="rfc.xref.RFC2068.1"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a>, <a href="http://tools.ietf.org/html/rfc2068#section-10.3.4">Section 10.3.4</a>). As user agents did not change their behavior to maintain backwards compatibility, the first revision of HTTP/1.1 added
+            yet another status code, 307 (Temporary Redirect), for which the backwards compatibility problems did not apply (<a href="#RFC2616" id="rfc.xref.RFC2616.2"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>, <a href="http://tools.ietf.org/html/rfc2616#section-10.3.8">Section 10.3.8</a>). Over 10 years later, most user agents still do method rewriting for status codes 301 and 302, therefore this specification
+            makes that behavior compliant in case the original request was POST.
+         </p>
+      </div>
+      <p id="rfc.section.7.3.p.4">Clients <em class="bcp14">SHOULD</em> detect and intervene in cyclical redirections (i.e., "infinite" redirection loops).
+      </p>
+      <div class="note" id="rfc.section.7.3.p.5">
+         <p> <b>Note:</b> An earlier version of this specification recommended a maximum of five redirections (<a href="#RFC2068" id="rfc.xref.RFC2068.2"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a>, <a href="http://tools.ietf.org/html/rfc2068#section-10.3">Section 10.3</a>). Content developers need to be aware that some clients might implement such a fixed limitation.
          </p>
       </div>
 …
       <h3 id="rfc.section.7.3.1"><a href="#rfc.section.7.3.1">7.3.1</a>&nbsp;<a id="status.300" href="#status.300">300 Multiple Choices</a></h3>
       <p id="rfc.section.7.3.1.p.1">The target resource has more than one representation, each with its own specific location, and agent-driven negotiation information
          (<a href="p3-payload.html#content.negotiation" title="Content Negotiation">Section 5</a> of <a href="#Part3" id="rfc.xref.Part3.7"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>) is being provided so that the user (or user agent) can select a preferred representation by redirecting its request to that
+         (<a href="p3-payload.html#content.negotiation" title="Content Negotiation">Section 5</a> of <a href="#Part3" id="rfc.xref.Part3.8"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>) is being provided so that the user (or user agent) can select a preferred representation by redirecting its request to that
          location.
       </p>
 …
       </p>
       <div class="note" id="rfc.section.7.3.2.p.5">
          <p> <b>Note:</b> When automatically redirecting a POST request after receiving a 301 status code, some existing HTTP/1.0 user agents will erroneously
             change it into a GET request.
+         <p> <b>Note:</b> For historic reasons, user agents <em class="bcp14">MAY</em> change the request method from POST to GET for the subsequent request. If this behavior is undesired, status code 307 (Temporary
+            Redirect) can be used instead.
          </p>
       </div>
 …
       </p>
       <div class="note" id="rfc.section.7.3.3.p.4">
+         <p> <b>Note:</b> HTTP/1.0 (<a href="#RFC1945" id="rfc.xref.RFC1945.1"><cite title="Hypertext Transfer Protocol -- HTTP/1.0">[RFC1945]</cite></a>, <a href="http://tools.ietf.org/html/rfc1945#section-9.3">Section 9.3</a>) and the first version of HTTP/1.1 (<a href="#RFC2068" id="rfc.xref.RFC2068.2"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a>, <a href="http://tools.ietf.org/html/rfc2068#section-10.3.3">Section 10.3.3</a>) specify that the client is not allowed to change the method on the redirected request. However, most existing user agent
+            implementations treat 302 as if it were a 303 response, performing a GET on the Location field-value regardless of the original
+            request method. Therefore, a previous version of this specification (<a href="#RFC2616" id="rfc.xref.RFC2616.2"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2616]</cite></a>, <a href="http://tools.ietf.org/html/rfc2616#section-10.3.3">Section 10.3.3</a>) has added the status codes <a href="#status.303" id="rfc.xref.status.303.2">303</a> and <a href="#status.307" id="rfc.xref.status.307.2">307</a> for servers that wish to make unambiguously clear which kind of reaction is expected of the client.
+         <p> <b>Note:</b> For historic reasons, user agents <em class="bcp14">MAY</em> change the request method from POST to GET for the subsequent request. If this behavior is undesired, status code 307 (Temporary
+            Redirect) can be used instead. <span class="comment" id="issue312">[<a href="#issue312" class="smpl">issue312</a>: but see &lt;<a href="http://trac.tools.ietf.org/wg/httpbis/trac/ticket/312">http://trac.tools.ietf.org/wg/httpbis/trac/ticket/312</a>&gt;]</span>
          </p>
       </div>
 …
       <h3 id="rfc.section.7.4.7"><a href="#rfc.section.7.4.7">7.4.7</a>&nbsp;<a id="status.406" href="#status.406">406 Not Acceptable</a></h3>
       <p id="rfc.section.7.4.7.p.1">The resource identified by the request is only capable of generating response representations which have content characteristics
          not acceptable according to the Accept and Accept-* header fields sent in the request (see <a href="p3-payload.html#header.field.definitions" title="Header Field Definitions">Section 6</a> of <a href="#Part3" id="rfc.xref.Part3.8"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>).
+         not acceptable according to the Accept and Accept-* header fields sent in the request (see <a href="p3-payload.html#header.field.definitions" title="Header Field Definitions">Section 6</a> of <a href="#Part3" id="rfc.xref.Part3.9"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>).
       </p>
       <p id="rfc.section.7.4.7.p.2">Unless it was a HEAD request, the response <em class="bcp14">SHOULD</em> include a representation containing a list of available representation characteristics and location(s) from which the user
 …
       </div>
       <div class="note" id="rfc.section.8.4.p.9">
          <p> <b>Note:</b> The Content-Location header field (<a href="p3-payload.html#header.content-location" title="Content-Location">Section 6.7</a> of <a href="#Part3" id="rfc.xref.Part3.9"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>) differs from Location in that the Content-Location identifies the most specific resource corresponding to the enclosed representation.
+         <p> <b>Note:</b> The Content-Location header field (<a href="p3-payload.html#header.content-location" title="Content-Location">Section 6.7</a> of <a href="#Part3" id="rfc.xref.Part3.10"><cite title="HTTP/1.1, part 3: Message Payload and Content Negotiation">[Part3]</cite></a>) differs from Location in that the Content-Location identifies the most specific resource corresponding to the enclosed representation.
             It is therefore possible for a response to contain header fields for both Location and Content-Location.
          </p>
 …
                   <td class="left">303</td>
                   <td class="left">See Other</td>
                   <td class="left"> <a href="#status.303" id="rfc.xref.status.303.3" title="303 See Other">Section&nbsp;7.3.4</a>
+                  <td class="left"> <a href="#status.303" id="rfc.xref.status.303.2" title="303 See Other">Section&nbsp;7.3.4</a>
                   </td>
                </tr>
 …
                   <td class="left">307</td>
                   <td class="left">Temporary Redirect</td>
                   <td class="left"> <a href="#status.307" id="rfc.xref.status.307.3" title="307 Temporary Redirect">Section&nbsp;7.3.8</a>
+                  <td class="left"> <a href="#status.307" id="rfc.xref.status.307.2" title="307 Temporary Redirect">Section&nbsp;7.3.8</a>
                   </td>
                </tr>
 …
       </p>
       <p id="rfc.section.A.p.6">Failed to consider that there are many other request methods that are safe to automatically redirect, and further that the
+         user agent is able to make that determination based on the request method semantics. (Sections <a href="#status.301" id="rfc.xref.status.301.3" title="301 Moved Permanently">7.3.2</a>, <a href="#status.302" id="rfc.xref.status.302.3" title="302 Found">7.3.3</a> and <a href="#status.307" id="rfc.xref.status.307.4" title="307 Temporary Redirect">7.3.8</a>)
+         user agent is able to make that determination based on the request method semantics. Furthermore, allow user agents to rewrite
+         the method from POST to GET for status codes 301 and 302. (Sections <a href="#status.301" id="rfc.xref.status.301.3" title="301 Moved Permanently">7.3.2</a>, <a href="#status.302" id="rfc.xref.status.302.3" title="302 Found">7.3.3</a> and <a href="#status.307" id="rfc.xref.status.307.3" title="307 Temporary Redirect">7.3.8</a>)
       </p>
       <p id="rfc.section.A.p.7">Deprecate 305 Use Proxy status code, because user agents did not implement it. It used to indicate that the target resource
 …
       <p id="rfc.section.C.18.p.1">Closed issues: </p>
       <ul>
+         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/160">http://tools.ietf.org/wg/httpbis/trac/ticket/160</a>&gt;: "Redirects and non-GET methods"
+         </li>
          <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/310">http://tools.ietf.org/wg/httpbis/trac/ticket/310</a>&gt;: "clarify 303 redirect on HEAD"
          </li>
 …
                   <li>301 Moved Permanently (status code)&nbsp;&nbsp;<a href="#rfc.xref.status.301.1">4.1</a>, <a href="#rfc.iref.32"><b>7.3.2</b></a>, <a href="#rfc.xref.status.301.2">9.2</a>, <a href="#rfc.xref.status.301.3">A</a></li>
                   <li>302 Found (status code)&nbsp;&nbsp;<a href="#rfc.xref.status.302.1">4.1</a>, <a href="#rfc.iref.33"><b>7.3.3</b></a>, <a href="#rfc.xref.status.302.2">9.2</a>, <a href="#rfc.xref.status.302.3">A</a></li>
                   <li>303 See Other (status code)&nbsp;&nbsp;<a href="#rfc.xref.status.303.1">4.1</a>, <a href="#rfc.xref.status.303.2">7.3.3</a>, <a href="#rfc.iref.34"><b>7.3.4</b></a>, <a href="#rfc.xref.status.303.3">9.2</a></li>
+                  <li>303 See Other (status code)&nbsp;&nbsp;<a href="#rfc.xref.status.303.1">4.1</a>, <a href="#rfc.iref.34"><b>7.3.4</b></a>, <a href="#rfc.xref.status.303.2">9.2</a></li>
                   <li>304 Not Modified (status code)&nbsp;&nbsp;<a href="#rfc.iref.35"><b>7.3.5</b></a></li>
                   <li>305 Use Proxy (status code)&nbsp;&nbsp;<a href="#rfc.xref.status.305.1">4.1</a>, <a href="#rfc.iref.36"><b>7.3.6</b></a>, <a href="#rfc.xref.status.305.2">9.2</a>, <a href="#rfc.xref.status.305.3">A</a></li>
                   <li>306 (Unused) (status code)&nbsp;&nbsp;<a href="#rfc.iref.37"><b>7.3.7</b></a>, <a href="#rfc.xref.status.306.1">9.2</a></li>
                   <li>307 Temporary Redirect (status code)&nbsp;&nbsp;<a href="#rfc.xref.status.307.1">4.1</a>, <a href="#rfc.xref.status.307.2">7.3.3</a>, <a href="#rfc.iref.38"><b>7.3.8</b></a>, <a href="#rfc.xref.status.307.3">9.2</a>, <a href="#rfc.xref.status.307.4">A</a></li>
+                  <li>307 Temporary Redirect (status code)&nbsp;&nbsp;<a href="#rfc.xref.status.307.1">4.1</a>, <a href="#rfc.iref.38"><b>7.3.8</b></a>, <a href="#rfc.xref.status.307.2">9.2</a>, <a href="#rfc.xref.status.307.3">A</a></li>
                </ul>
             </li>
 …
                      </ul>
                   </li>
+                  <li><em>Part3</em>&nbsp;&nbsp;<a href="#rfc.xref.Part3.1">3.2</a>, <a href="#rfc.xref.Part3.2">3.2</a>, <a href="#rfc.xref.Part3.3">3.2</a>, <a href="#rfc.xref.Part3.4">3.2</a>, <a href="#rfc.xref.Part3.5">5</a>, <a href="#rfc.xref.Part3.6">6.5</a>, <a href="#rfc.xref.Part3.7">7.3.1</a>, <a href="#rfc.xref.Part3.8">7.4.7</a>, <a href="#rfc.xref.Part3.9">8.4</a>, <a href="#Part3"><b>12.1</b></a><ul>
+                        <li><em>Section 5</em>&nbsp;&nbsp;<a href="#rfc.xref.Part3.7">7.3.1</a></li>
+                  <li><em>Part3</em>&nbsp;&nbsp;<a href="#rfc.xref.Part3.1">3.2</a>, <a href="#rfc.xref.Part3.2">3.2</a>, <a href="#rfc.xref.Part3.3">3.2</a>, <a href="#rfc.xref.Part3.4">3.2</a>, <a href="#rfc.xref.Part3.5">5</a>, <a href="#rfc.xref.Part3.6">6.5</a>, <a href="#rfc.xref.Part3.7">7.3</a>, <a href="#rfc.xref.Part3.8">7.3.1</a>, <a href="#rfc.xref.Part3.9">7.4.7</a>, <a href="#rfc.xref.Part3.10">8.4</a>, <a href="#Part3"><b>12.1</b></a><ul>
+                        <li><em>Section 5</em>&nbsp;&nbsp;<a href="#rfc.xref.Part3.8">7.3.1</a></li>
+                        <li><em>Section 5.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part3.7">7.3</a></li>
                         <li><em>Section 6.1</em>&nbsp;&nbsp;<a href="#rfc.xref.Part3.1">3.2</a></li>
                         <li><em>Section 6</em>&nbsp;&nbsp;<a href="#rfc.xref.Part3.8">7.4.7</a></li>
+                        <li><em>Section 6</em>&nbsp;&nbsp;<a href="#rfc.xref.Part3.9">7.4.7</a></li>
                         <li><em>Section 6.2</em>&nbsp;&nbsp;<a href="#rfc.xref.Part3.2">3.2</a></li>
                         <li><em>Section 6.3</em>&nbsp;&nbsp;<a href="#rfc.xref.Part3.3">3.2</a></li>
                         <li><em>Section 6.4</em>&nbsp;&nbsp;<a href="#rfc.xref.Part3.4">3.2</a></li>
                         <li><em>Section 6.7</em>&nbsp;&nbsp;<a href="#rfc.xref.Part3.6">6.5</a>, <a href="#rfc.xref.Part3.9">8.4</a></li>
+                        <li><em>Section 6.7</em>&nbsp;&nbsp;<a href="#rfc.xref.Part3.6">6.5</a>, <a href="#rfc.xref.Part3.10">8.4</a></li>
                      </ul>
                   </li>
 …
                   <li>Referer header field&nbsp;&nbsp;<a href="#rfc.xref.header.referer.1">3.2</a>, <a href="#rfc.iref.r.1"><b>8.6</b></a>, <a href="#rfc.xref.header.referer.2">9.3</a>, <a href="#rfc.xref.header.referer.3">A</a></li>
                   <li>Retry-After header field&nbsp;&nbsp;<a href="#rfc.xref.header.retry-after.1">3.3</a>, <a href="#rfc.xref.header.retry-after.2">7.5.4</a>, <a href="#rfc.iref.r.2"><b>8.7</b></a>, <a href="#rfc.xref.header.retry-after.3">9.3</a></li>
                   <li><em>RFC1945</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC1945.1">7.3.3</a>, <a href="#RFC1945"><b>12.2</b></a><ul>
                         <li><em>Section 9.3</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC1945.1">7.3.3</a></li>
+                  <li><em>RFC1945</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC1945.1">7.3</a>, <a href="#RFC1945"><b>12.2</b></a><ul>
+                        <li><em>Section 9.3</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC1945.1">7.3</a></li>
                      </ul>
                   </li>
                   <li><em>RFC2068</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC2068.1">7.3</a>, <a href="#rfc.xref.RFC2068.2">7.3.3</a>, <a href="#RFC2068"><b>12.2</b></a><ul>
                         <li><em>Section 10.3</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC2068.1">7.3</a></li>
                         <li><em>Section 10.3.3</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC2068.2">7.3.3</a></li>
+                  <li><em>RFC2068</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC2068.1">7.3</a>, <a href="#rfc.xref.RFC2068.2">7.3</a>, <a href="#RFC2068"><b>12.2</b></a><ul>
+                        <li><em>Section 10.3</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC2068.2">7.3</a></li>
+                        <li><em>Section 10.3.4</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC2068.1">7.3</a></li>
                      </ul>
                   </li>
                   <li><em>RFC2119</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC2119.1">1.1</a>, <a href="#RFC2119"><b>12.1</b></a></li>
                   <li><em>RFC2616</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC2616.1">1</a>, <a href="#rfc.xref.RFC2616.2">7.3.3</a>, <a href="#RFC2616"><b>12.2</b></a>, <a href="#rfc.xref.RFC2616.3">C.1</a><ul>
                         <li><em>Section 10.3.3</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC2616.2">7.3.3</a></li>
+                  <li><em>RFC2616</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC2616.1">1</a>, <a href="#rfc.xref.RFC2616.2">7.3</a>, <a href="#RFC2616"><b>12.2</b></a>, <a href="#rfc.xref.RFC2616.3">C.1</a><ul>
+                        <li><em>Section 10.3.8</em>&nbsp;&nbsp;<a href="#rfc.xref.RFC2616.2">7.3</a></li>
                      </ul>
                   </li>
 …
                         <li>301 Moved Permanently&nbsp;&nbsp;<a href="#rfc.xref.status.301.1">4.1</a>, <a href="#rfc.iref.s.12"><b>7.3.2</b></a>, <a href="#rfc.xref.status.301.2">9.2</a>, <a href="#rfc.xref.status.301.3">A</a></li>
                         <li>302 Found&nbsp;&nbsp;<a href="#rfc.xref.status.302.1">4.1</a>, <a href="#rfc.iref.s.13"><b>7.3.3</b></a>, <a href="#rfc.xref.status.302.2">9.2</a>, <a href="#rfc.xref.status.302.3">A</a></li>
                         <li>303 See Other&nbsp;&nbsp;<a href="#rfc.xref.status.303.1">4.1</a>, <a href="#rfc.xref.status.303.2">7.3.3</a>, <a href="#rfc.iref.s.14"><b>7.3.4</b></a>, <a href="#rfc.xref.status.303.3">9.2</a></li>
+                        <li>303 See Other&nbsp;&nbsp;<a href="#rfc.xref.status.303.1">4.1</a>, <a href="#rfc.iref.s.14"><b>7.3.4</b></a>, <a href="#rfc.xref.status.303.2">9.2</a></li>
                         <li>304 Not Modified&nbsp;&nbsp;<a href="#rfc.iref.s.15"><b>7.3.5</b></a></li>
                         <li>305 Use Proxy&nbsp;&nbsp;<a href="#rfc.xref.status.305.1">4.1</a>, <a href="#rfc.iref.s.16"><b>7.3.6</b></a>, <a href="#rfc.xref.status.305.2">9.2</a>, <a href="#rfc.xref.status.305.3">A</a></li>
                         <li>306 (Unused)&nbsp;&nbsp;<a href="#rfc.iref.s.17"><b>7.3.7</b></a>, <a href="#rfc.xref.status.306.1">9.2</a></li>
                         <li>307 Temporary Redirect&nbsp;&nbsp;<a href="#rfc.xref.status.307.1">4.1</a>, <a href="#rfc.xref.status.307.2">7.3.3</a>, <a href="#rfc.iref.s.18"><b>7.3.8</b></a>, <a href="#rfc.xref.status.307.3">9.2</a>, <a href="#rfc.xref.status.307.4">A</a></li>
+                        <li>307 Temporary Redirect&nbsp;&nbsp;<a href="#rfc.xref.status.307.1">4.1</a>, <a href="#rfc.iref.s.18"><b>7.3.8</b></a>, <a href="#rfc.xref.status.307.2">9.2</a>, <a href="#rfc.xref.status.307.3">A</a></li>
                         <li>400 Bad Request&nbsp;&nbsp;<a href="#rfc.xref.status.400.1">4.1</a>, <a href="#rfc.iref.s.19"><b>7.4.1</b></a>, <a href="#rfc.xref.status.400.2">9.2</a></li>
                         <li>401 Unauthorized&nbsp;&nbsp;<a href="#rfc.iref.s.20"><b>7.4.2</b></a></li>

draft-ietf-httpbis/latest/p2-semantics.xml

-                      r1427
+                      r1428
   <!ENTITY auth                       "<xref target='Part7' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
   <!ENTITY content-negotiation        "<xref target='Part3' x:rel='#content.negotiation' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
+  <!ENTITY agent-driven-negotiation    "<xref target='Part3' x:rel='#agent-driven.negotiation' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
   <!ENTITY notation-abnf              "<xref target='Part1' x:rel='#notation.abnf' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
   <!ENTITY basic-rules                "<xref target='Part1' x:rel='#basic.rules' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
 …
 <t>
    This class of status code indicates that further action needs to be
+   taken by the user agent in order to fulfill the request.  The action
+   required &MAY; be carried out by the user agent without interaction
+   with the user if and only if the method used in the second request is
+   known to be "safe", as defined in <xref target="safe.methods"/>.
+   A client &SHOULD; detect infinite redirection loops, since such loops
+   generate network traffic for each redirection.
+   taken by the user agent in order to fulfill the request.  If the required
+   action involves a subsequent HTTP request, it &MAY; be carried out by the
+   user agent without interaction with the user if and only if the method used
+   in the second request is known to be "safe", as defined in
+   <xref target="safe.methods"/>.
+</t>
+<t>
+   There are several types of redirects:
+   <list style="numbers">
+      <x:lt>
+        <t>
+          Redirects of the request to another URI, either temporarily or
+          permanently. The new URI is specified in the Location header field.
+          In this specification, the status codes 301 (Moved Permanently),
+(Found), and 307 (Temporary Redirect) fall under this category.
+        </t>
+      </x:lt>
+      <x:lt>
+        <t>
+          Redirection to a new location that represents an indirect response to
+          the request, such as the result of a POST operation to be retrieved
+          with a subsequent GET request. This is status code 303 (See Other).
+        </t>
+      </x:lt>
+      <x:lt>
+        <t>
+          Redirection offering a choice of matching resources for use by
+          agent-driven content negotiation (&agent-driven-negotiation;). This
+          is status code 300 (Multiple Choices).
+        </t>
+      </x:lt>
+      <x:lt>
+        <t>
+          Other kinds of redirection, such as to a cached result (status code 304
+          (Not Modified)).
+        </t>
+      </x:lt>
+   </list>
+</t>
+<x:note>
+  <t>
+    <x:h>Note:</x:h> In HTTP/1.0, only the status codes 301 (Moved Permanently)
+    and 302 (Found) were defined for the first type of redirect, and the second
+    type did not exist at all (<xref target="RFC1945" x:fmt="," x:sec="9.3"/>).
+    However it turned out that web forms using POST expected redirects to change
+    the operation for the subsequent request to retrieval (GET). To address this
+    use case, HTTP/1.1 introduced the second type of redirect with the status
+    code 303 (See Other) (<xref target="RFC2068" x:fmt="," x:sec="10.3.4"/>).
+    As user agents did not change their behavior to maintain backwards
+    compatibility, the first revision of HTTP/1.1 added yet another status code,
+(Temporary Redirect), for which the backwards compatibility problems did
+    not apply (<xref target="RFC2616" x:fmt="," x:sec="10.3.8"/>).
+    Over 10 years later, most user agents still do method rewriting for
+    status codes 301 and 302, therefore this specification makes that behavior
+    compliant in case the original request was POST.
+  </t>
+</x:note>
+<t>
+   Clients &SHOULD; detect and intervene in cyclical redirections (i.e.,
+   "infinite" redirection loops).
 </t>
 <x:note>
 …
 <x:note>
   <t>
+    <x:h>Note:</x:h> When automatically redirecting a POST request after
+    receiving a 301 status code, some existing HTTP/1.0 user agents
+    will erroneously change it into a GET request.
+    <x:h>Note:</x:h> For historic reasons, user agents &MAY; change the
+    request method from POST to GET for the subsequent request. If this
+    behavior is undesired, status code 307 (Temporary Redirect) can be used
+    instead.
   </t>
 </x:note>
 …
 <x:note>
   <t>
+    <x:h>Note:</x:h> HTTP/1.0 (<xref target="RFC1945" x:fmt="," x:sec="9.3"/>)
+    and the first version of HTTP/1.1 (<xref target="RFC2068" x:fmt="," x:sec ="10.3.3"/>)
+    specify that the client is not allowed to change the method on the
+    redirected request.  However, most existing user agent implementations
+    treat 302 as if it were a 303 response, performing a GET on the Location
+    field-value regardless of the original request method. Therefore, a
+    previous version of this specification
+    (<xref target="RFC2616" x:fmt="," x:sec="10.3.3"/>) has added the
+    status codes
+    <xref target="status.303" format="none">303</xref> and
+    <xref target="status.307" format="none">307</xref> for servers that wish
+    to make unambiguously clear which kind of reaction is expected of the
+    client.
+    <x:h>Note:</x:h> For historic reasons, user agents &MAY; change the
+    request method from POST to GET for the subsequent request. If this
+    behavior is undesired, status code 307 (Temporary Redirect) can be used
+    instead.
+    <cref anchor="issue312">but see <eref target="http://trac.tools.ietf.org/wg/httpbis/trac/ticket/312"/></cref>
   </t>
 </x:note>
 …
 </t>
 <t>
+  Failed to consider that there are
+  many other request methods that are safe to automatically redirect,
+  and further that the user agent is able to make that determination
+  based on the request method semantics.
+  Failed to consider that there are many other request methods that are safe
+  to automatically redirect, and further that the user agent is able to make
+  that determination based on the request method semantics.
+  Furthermore, allow user agents to rewrite the method from POST to GET
+  for status codes 301 and 302.
   (Sections <xref format="counter" target="status.301"/>,
   <xref format="counter" target="status.302"/> and
 …
   <list style="symbols">
     <t>
+      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/160"/>:
+      "Redirects and non-GET methods"
+    </t>
+    <t>
       <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/310"/>:
       "clarify 303 redirect on HEAD"

Note: See TracChangeset for help on using the changeset viewer.

Context Navigation

Changeset 1428 for draft-ietf-httpbis

Legend:

draft-ietf-httpbis/latest/p2-semantics.html

draft-ietf-httpbis/latest/p2-semantics.xml

Download in other formats: