Context Navigation

← Previous Ticket
Next Ticket →

#238 closed design (fixed)

Requirements for user intervention during redirects

Reported by:	mnot@…	Owned by:
Priority:	normal	Milestone:	19
Component:	p2-semantics	Severity:	Active WG Document
Keywords:		Cc:

Description

The redirect status codes define requirements for user intervention; e.g.,

If the 301 status code is received in response to a request method that is known to be "safe", as defined in Section 7.1.1, then the request MAY be automatically redirected by the user agent without confirmation. Otherwise, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.

However, this requirement is not often implemented by UAs.

In dealing with this issue, we need to consider the impact of #160.

Raised by Adam Barth at IETF78.

Attachments (1)

238.diff (3.4 KB) - added by julian.reschke@… 10 years ago.: Proposed patch

Download all attachments as: .zip

Change History (10)

comment:1 Changed 12 years ago by julian.reschke@…

Whatever we come up with should be made consistent with the requirements on safe message handling, see http://lists.w3.org/Archives/Public/ietf-http-wg/2010JulSep/0246.html.

comment:2 Changed 11 years ago by mnot@…

Priority changed from normal to blocked

Waiting for resolution of #160.

comment:3 Changed 11 years ago by julian.reschke@…

Note on how current UAs prompt, tested using <http://www.mnot.net/javascript/xmlhttprequest/>:

DELETE -> 301/302
- Chrome 14/Safari 5.1: no prompt (rewritten to GET)
- Internet Explorer 9: no prompt (method preserved)
- Firefox 7: no prompt (rewritten to GET)
- Opera 11.5: no prompt (rewritten to GET)
DELETE -> 303
- Chrome 14/Safari 5.1: no prompt (rewritten to GET)
- Internet Explorer 9: no prompt (rewritten to GET)
- Firefox 7: no prompt (rewritten to GET)
- Opera 11.5: no prompt (rewritten to GET)
DELETE -> 307
- Chrome 14/Safari 5.1: no prompt (method preserved)
- Internet Explorer 9: no prompt (method preserved)
- Firefox 7: prompt (method preserved)
- Opera 11.5: prompt (method preserved)

POST -> 301/302
- Chrome 14/Safari 5.1: no prompt (rewritten to GET)
- Internet Explorer 9: no prompt (rewritten to GET)
- Firefox 7: no prompt (rewritten to GET)
- Opera 11.5: no prompt (rewritten to GET)
POST -> 303
- Chrome 14/Safari 5.1: no prompt (rewritten to GET)
- Internet Explorer 9: no prompt (rewritten to GET)
- Firefox 7: no prompt (rewritten to GET)
- Opera 11.5: no prompt (rewritten to GET)
POST -> 307
- Chrome 14/Safari 5.1: no prompt (method preserved)
- Internet Explorer 9: no prompt (method preserved)
- Firefox 7: prompt (method preserved)
- Opera 11.5: prompt (method preserved)

PUT -> 301/302
- Chrome 14/Safari 5.1: no prompt (rewritten to GET)
- Internet Explorer 9: no prompt (method preserved)
- Firefox 7: no prompt (rewritten to GET)
- Opera 11.5: no prompt (rewritten to GET)
PUT -> 303
- Chrome 14/Safari 5.1: no prompt (rewritten to GET)
- Internet Explorer 9: no prompt (method preserved)
- Firefox 7: no prompt (rewritten to GET)
- Opera 11.5: no prompt (rewritten to GET)
PUT -> 307
- Chrome 14/Safari 5.1: no prompt
- Internet Explorer 9: no prompt
- Firefox 7: prompt (method preserved)
- Opera 11.5: prompt (method preserved)