Changeset 1428 for draft-ietf-httpbis/latest/p2-semantics.xml

Timestamp:

Sep 1, 2011, 1:55:31 AM (8 years ago)

Author:

julian.reschke@…

Message:

explain types of redirects, history of changes, and allow POST->GET rewriting for 301/302 (see [160])

File:

• draft-ietf-httpbis/latest/p2-semantics.xml (modified) (6 diffs)

draft-ietf-httpbis/latest/p2-semantics.xml

@@ -25 +25 @@
   <!ENTITY auth                       "<xref target='Part7' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
   <!ENTITY content-negotiation        "<xref target='Part3' x:rel='#content.negotiation' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
+  <!ENTITY agent-driven-negotiation    "<xref target='Part3' x:rel='#agent-driven.negotiation' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
   <!ENTITY notation-abnf              "<xref target='Part1' x:rel='#notation.abnf' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
   <!ENTITY basic-rules                "<xref target='Part1' x:rel='#basic.rules' xmlns:x='http://purl.org/net/xml2rfc/ext'/>">
@@ -1567 +1568 @@
 <t>
    This class of status code indicates that further action needs to be
-   taken by the user agent in order to fulfill the request.  The action
-   required &MAY; be carried out by the user agent without interaction
-   with the user if and only if the method used in the second request is
-   known to be "safe", as defined in <xref target="safe.methods"/>.
-   A client &SHOULD; detect infinite redirection loops, since such loops
-   generate network traffic for each redirection.
+   taken by the user agent in order to fulfill the request.  If the required
+   action involves a subsequent HTTP request, it &MAY; be carried out by the
+   user agent without interaction with the user if and only if the method used
+   in the second request is known to be "safe", as defined in
+   <xref target="safe.methods"/>.
+</t>
+<t>
+   There are several types of redirects:
+   <list style="numbers">
+      <x:lt>
+        <t>
+          Redirects of the request to another URI, either temporarily or
+          permanently. The new URI is specified in the Location header field.
+          In this specification, the status codes 301 (Moved Permanently), 
+          302 (Found), and 307 (Temporary Redirect) fall under this category.
+        </t>
+      </x:lt>
+      <x:lt>
+        <t>
+          Redirection to a new location that represents an indirect response to
+          the request, such as the result of a POST operation to be retrieved
+          with a subsequent GET request. This is status code 303 (See Other).
+        </t>
+      </x:lt>
+      <x:lt>
+        <t>
+          Redirection offering a choice of matching resources for use by
+          agent-driven content negotiation (&agent-driven-negotiation;). This
+          is status code 300 (Multiple Choices).
+        </t>
+      </x:lt>
+      <x:lt>
+        <t>
+          Other kinds of redirection, such as to a cached result (status code 304
+          (Not Modified)). 
+        </t>
+      </x:lt>
+   </list>
+</t>
+<x:note>
+  <t>
+    <x:h>Note:</x:h> In HTTP/1.0, only the status codes 301 (Moved Permanently)
+    and 302 (Found) were defined for the first type of redirect, and the second
+    type did not exist at all (<xref target="RFC1945" x:fmt="," x:sec="9.3"/>).
+    However it turned out that web forms using POST expected redirects to change
+    the operation for the subsequent request to retrieval (GET). To address this
+    use case, HTTP/1.1 introduced the second type of redirect with the status
+    code 303 (See Other) (<xref target="RFC2068" x:fmt="," x:sec="10.3.4"/>).
+    As user agents did not change their behavior to maintain backwards
+    compatibility, the first revision of HTTP/1.1 added yet another status code,
+    307 (Temporary Redirect), for which the backwards compatibility problems did
+    not apply (<xref target="RFC2616" x:fmt="," x:sec="10.3.8"/>).
+    Over 10 years later, most user agents still do method rewriting for
+    status codes 301 and 302, therefore this specification makes that behavior
+    compliant in case the original request was POST.
+  </t>
+</x:note>
+<t>
+   Clients &SHOULD; detect and intervene in cyclical redirections (i.e.,
+   "infinite" redirection loops).
 </t>
 <x:note>
@@ -1646 +1701 @@
 <x:note>
   <t>
-    <x:h>Note:</x:h> When automatically redirecting a POST request after
-    receiving a 301 status code, some existing HTTP/1.0 user agents
-    will erroneously change it into a GET request.
+    <x:h>Note:</x:h> For historic reasons, user agents &MAY; change the
+    request method from POST to GET for the subsequent request. If this
+    behavior is undesired, status code 307 (Temporary Redirect) can be used
+    instead.
   </t>
 </x:note>
@@ -1677 +1733 @@
 <x:note>
   <t>
-    <x:h>Note:</x:h> HTTP/1.0 (<xref target="RFC1945" x:fmt="," x:sec="9.3"/>)
-    and the first version of HTTP/1.1 (<xref target="RFC2068" x:fmt="," x:sec ="10.3.3"/>)
-    specify that the client is not allowed to change the method on the
-    redirected request.  However, most existing user agent implementations
-    treat 302 as if it were a 303 response, performing a GET on the Location
-    field-value regardless of the original request method. Therefore, a 
-    previous version of this specification
-    (<xref target="RFC2616" x:fmt="," x:sec="10.3.3"/>) has added the 
-    status codes
-    <xref target="status.303" format="none">303</xref> and
-    <xref target="status.307" format="none">307</xref> for servers that wish
-    to make unambiguously clear which kind of reaction is expected of the
-    client.
+    <x:h>Note:</x:h> For historic reasons, user agents &MAY; change the
+    request method from POST to GET for the subsequent request. If this
+    behavior is undesired, status code 307 (Temporary Redirect) can be used
+    instead.
+    <cref anchor="issue312">but see <eref target="http://trac.tools.ietf.org/wg/httpbis/trac/ticket/312"/></cref>
   </t>
 </x:note>
@@ -3617 +3665 @@
 </t>
 <t>
-  Failed to consider that there are
-  many other request methods that are safe to automatically redirect,
-  and further that the user agent is able to make that determination
-  based on the request method semantics.
+  Failed to consider that there are many other request methods that are safe
+  to automatically redirect, and further that the user agent is able to make
+  that determination based on the request method semantics.
+  Furthermore, allow user agents to rewrite the method from POST to GET
+  for status codes 301 and 302.
   (Sections <xref format="counter" target="status.301"/>,
   <xref format="counter" target="status.302"/> and
@@ -4272 +4321 @@
   <list style="symbols"> 
     <t>
+      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/160"/>:
+      "Redirects and non-GET methods"
+    </t>
+    <t>
       <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/310"/>:
       "clarify 303 redirect on HEAD"