W3C home > Mailing lists > Public > ietf-http-wg-old@w3.org > May to August 1995

Re: Redirection inherits METHOD?

From: Henrik Frystyk Nielsen <frystyk@w3.org>
Date: Mon, 19 Jun 1995 14:18:41 -0400
Message-Id: <9506191818.AA13350@www20>
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, dwm@shell.portal.com
 
> It seems to me that default should be to inherit the method. Then define
> an option to alter the method. (is that '303 Method'?). There should
> probably be a SAFE set of method changes which the UA could simply
> perform (POST -> (GET | HEAD) and others which would require the 
> end user to approve (* -> DELETE) some or all of the time. Even 
> inheriting the METHOD might require approval on some re-directs.

In my opinion any change in the conditions for a non-idempotent method
should be advertised to the user, including redirections.

> Alternatively, the server(s) which did the redirect might be
> identified to the server receiving the redirected request.. I'm
> beginning to sense some real security nightmares best left to the
> next version of the standard for carefully thoughout specification.

That's why I think that it actually is easier to have a separate 
status code for when the method has changed. Then (old) clients will
not accidently do the wrong thing.

--

Henrik Frystyk                                          frystyk@W3.org
World-Wide Web Consortium,                              Tel + 1 617 258 8143
MIT/LCS, NE43-356					Fax + 1 617 258 8682
77 Massachusetts Avenue
Cambridge MA 02154, USA
Received on Monday, 19 June 1995 11:23:01 EDT

This archive was generated by hypermail pre-2.1.9 : Wednesday, 24 September 2003 06:31:22 EDT