W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2010

User confirmation and 307 redirects

From: Adam Barth <ietf@adambarth.com>
Date: Wed, 18 Aug 2010 14:27:03 -0700
Message-ID: <AANLkTikwBtgScO6=hYndHrGAbVGSAuk+78SPybGyHMTv@mail.gmail.com>
To: httpbis <ietf-http-wg@w3.org>
Cc: Maciej Stachowiak <mjs@apple.com>
http://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-11#section-8.3.8 says

[[
   If the 307 status code is received in response to a request method
   that is known to be "safe", as defined in Section 7.1.1, then the
   request MAY be automatically redirected by the user agent without
   confirmation.  Otherwise, the user agent MUST NOT automatically
   redirect the request unless it can be confirmed by the user, since
   this might change the conditions under which the request was issued.
]]

As has been pointed out by multiple folks on multiple occasions, this
requirement should be removed for the following reasons:

1) HTTP ought not to impose constraints on the user agent's user
interface.  This requirement is not appropriate for all user agents,
for example a GPS navigation unit in a car.
2) This requirement does not reflect reality.  A number of widely used
user agents disregard this requirement.
3) This requirement is actively harmful to interoperability.  Web
sites cannot reliably use 307 redirects because it triggers awful UI
mandated by this requirement in some user agents.

The only counter rationale I've seen on this list is that the
requirement is actually meaningless under a theory of
"pre-confirmation."  If the requirement is meaningless, that means we
should remove it as well.

Kindly remove the requirement.

Adam
Received on Wednesday, 18 August 2010 21:27:59 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:24 GMT