W3C home > Mailing lists > Public > ietf-http-wg@w3.org > October to December 2003

Re: Redirection MUST NOTs

From: David Morris <dwm@xpasc.com>
Date: Tue, 4 Nov 2003 15:08:24 -0800 (PST)
Cc: <ietf-http-wg@w3.org>
Message-ID: <Pine.LNX.4.33.0311041459590.20730-100000@egate.xpasc.com>



On Tue, 4 Nov 2003, Mark Baker wrote:

>
> On Tue, Nov 04, 2003 at 11:00:42AM -0800, David Morris wrote:
> > What you propose requires a change to client behavior in a way that
> > potentially reduces the integrity of the user interaction for all sites
> > because you have a specific site you believe has a valid reason for
> > allowing handling the redirect w/o user interaction.
>
> Not at all.  My proposal doesn't require that any client change
> behaviour (as they'd still conform to a "SHOULD NOT" requirement).
> It just asks that new clients be permitted to auto-redirect if
> they have a very good reason to do so.

Without a protocol based reason for the client to alter its behavior,
there is no reason to even use "SHOULD NOT" in the HTTP specification. To
achieve the intended user protection, the base protocol needs to preclude
auto-redirect.

Dave Morris
Received on Tuesday, 4 November 2003 18:24:34 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:49:25 GMT