RE: Redirection of a POST as a GET from Eric Lawrence on 2007-03-08 (ietf-http-wg@w3.org from January to March 2007)

From: Eric Lawrence <ericlaw@exchange.microsoft.com>
Date: Wed, 7 Mar 2007 16:05:08 -0800
To: Henrik Nordstrom <henrik@henriknordstrom.net>, Anne van Kesteren <annevk@opera.com>
CC: "ietf-http-wg@w3.org Group" <ietf-http-wg@w3.org>
Message-ID: <8301DE7F96C0074C8DA98484623D7E511357B783A8@DF-MASTIFF-MSG.exchange.corp.microso>

<< As it's been specified since day 1 (before HTTP/1.0 even) that the original request should be retried with the new Request-URI without changing the request method we can not change the specs in such manner that this would not be a correct thing to do.>>

Do you know of ~any~ user-agent which will perform a POST after receiving a 302 in response to the POST?  I have yet to encounter any such client.

Thanks,

Eric


-----Original Message-----
From: ietf-http-wg-request@w3.org [mailto:ietf-http-wg-request@w3.org] On Behalf Of Henrik Nordstrom
Sent: Wednesday, March 07, 2007 3:57 PM
To: Anne van Kesteren
Cc: ietf-http-wg@w3.org Group
Subject: Re: Redirection of a POST as a GET

ons 2007-03-07 klockan 23:33 +0100 skrev Anne van Kesteren:

> Following the spec for this is not really feasible. We tried and failed.
> It would make sense to simply change the specification imo...

Hmm.. perhaps it would work to rewrite the specs to allow the request to be retried using either the original request method or a GET after a POST resulting in a 301/302 redirect. I.e. not say that there is broken user agents around but to also accept that broken behavior as an alternative action.

  ... Alternatively if the request was a POST request the user agent
  MAY automatically retry the request as a GET request without requiring
  user confirmation.


As it's been specified since day 1 (before HTTP/1.0 even) that the original request should be retried with the new Request-URI without changing the request method we can not change the specs in such manner that this would not be a correct thing to do. In terms of spec writing the only possible choices is to clearly deprecate the 301/302 responses as "broken beyond repair" in favor of the new 303 & 307 status codes and hope the industry won't trash these as well, or to convince the industry to fix up their act and start following the specs.. and I suspect you won't be happy with either choice..

In terms of spec writing it's quite disappointing that this industry can't accept a clear and well specified "thats the wrong thing to do", and instead continues doing the wrong thing forever countless software generations after the implementation error has been pointed out.. This attitude is quite saddening for the future of the web..

Regards
Henrik

Received on Thursday, 8 March 2007 00:07:57 UTC