Opened 7 years ago

Closed 6 years ago

#295 closed design (fixed)

Applying original fragment to "plain" redirected URI

Reported by: mnot@… Owned by: mnot@…
Priority: normal Milestone: 19
Component: p2-semantics Severity: Active WG Document
Keywords: Cc:

Description

In the resolution to #43, we warned that we don't define precedence when both the request URI and the redirected URI have fragment identifiers;

Note: This specification does not define precedence rules for the case where the original URI, as navigated to by the user agent, and the Location header field value both contain fragment identifiers. Thus be aware that including fragment identifiers might inconvenience anyone relying on the semantics of the original URI's fragment identifier.

However, we didn't explicitly cover the case where the request-URI has a fragment identifier, but the Location URI does not.

This should be defined; at a minimum, we should say that we don't specify behaviour, to warn people of interop problems.

Interestingly, an old I-D did specify behaviour here:

http://tools.ietf.org/html/draft-bos-http-redirect-00

Specifically:

If the server returns a response code of 300 ("multiple choice"), 301 ("moved permanently"), 302 ("moved temporarily") or 303 ("see other"), and if the server also returns one or more URIs where the resource can be found, then the client SHOULD treat the new URIs as if the fragment identifier of the original URI was added at the end.

See also:

http://blogs.msdn.com/b/ieinternals/archive/2011/05/17/url-fragments-and-redirects-anchor-hash-missing.aspx

Test script at:

https://gist.github.com/330963

tests T4 and T8 (note that the "FAIL/PASS" determinations assume that the resolution would align with draft-bos-http-redirect).

Attachments (1)

295.diff (4.7 KB) - added by julian.reschke@… 6 years ago.
Proposed patch

Download all attachments as: .zip

Change History (13)

comment:1 Changed 7 years ago by mnot@…

  • Milestone changed from unassigned to 15

comment:2 Changed 7 years ago by julian.reschke@…

  • Owner changed from draft-ietf-httpbis-p2-semantics@… to julian.reschke@…

comment:3 Changed 7 years ago by julian.reschke@…

  • Owner julian.reschke@… deleted

comment:4 Changed 7 years ago by julian.reschke@…

  • Milestone changed from 15 to unassigned

comment:6 Changed 7 years ago by mnot@…

  • Owner set to mnot@…

comment:8 Changed 6 years ago by mnot@…

  • Milestone changed from unassigned to 19

Proposal: To make this change we could add to:

"The field value consists of a single URI-reference. When it has the form of a relative reference ([RFC3986], Section 4.2), the final value is computed by resolving it against the effective request URI ([RFC3986], Section 5)."

saying

"... If the original URI, as navigated to by the user agent, did contain a fragment identifier, and the final value does not, then the original URI's fragment identifier is added to the final value."

(also add examples)

(and also we would kill <http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p2-semantics-18.html#rfc.section.9.5.p.9>).

Changed 6 years ago by julian.reschke@…

Proposed patch

comment:9 Changed 6 years ago by julian.reschke@…

From [1536]:

Location header field: define header field recombination in presence of fragment identifiers, mention security impact, rephrase main definition (see #295)

comment:10 Changed 6 years ago by julian.reschke@…

  • Resolution set to incorporated
  • Status changed from new to closed

comment:11 Changed 6 years ago by mnot@…

  • Resolution incorporated deleted
  • Status changed from closed to reopened

comment:12 Changed 6 years ago by mnot@…

  • Resolution set to fixed
  • Status changed from reopened to closed
Note: See TracTickets for help on using tickets.