W3C home > Mailing lists > Public > ietf-http-wg@w3.org > July to September 2011

Re: #160: Redirects and non-GET methods

From: Adam Barth <ietf@adambarth.com>
Date: Sun, 17 Jul 2011 16:37:01 -0700
Message-ID: <CAJE5ia-D57hhGpDt1kcVFE568mKfS7zspvRSe2PejxgW9XgEww@mail.gmail.com>
To: Mark Nottingham <mnot@mnot.net>
Cc: HTTP Working Group <ietf-http-wg@w3.org>
On Sun, Jul 17, 2011 at 4:16 AM, Mark Nottingham <mnot@mnot.net> wrote:
> <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/160>
>
> I've just tested the latest iterations of the browsers, with the following results:
>
>  Safari/533.21.1 - all 301, 302, 307 rewritten to GET; 303 methods are preserved
>  Firefox/5.0.1 - all 301, 302 rewritten to GET; 303 and 307 methods are preserved
>  Chrome/14.0.814.0 - all 301, 302 rewritten to GET; 303 and 307 methods are preserved
>  Opera/11.50 - all 301, 302 rewritten to GET; 303 methods are preserved; 307 tests crash the browser
>  MSIE/9.0 (latest) - all 301, 302 methods preserved except POST (changed to GET); all 303, 307 methods are preserved
>
> So, many browsers rewrite many methods to GET on 301 and 302. whereas most browsers preserve methods on 303 and 307*.
>
> We *could* codify this practice. However, as Julian notes in the bug, the fact that IE doesn't rewrite anything except POST is an existence proof (and a fairly large one) that it's workable to not rewrite the method on non-POST methods.
>
> So, I'm inclined to agree that we could address this by changing 301 an 302 to note that POST is rewritten to GET; it's a smaller change, although it would require changes in more browsers.
>
> Thoughts? Especially from browser people?

w.r.t. Chrome's behavior, specifically, our intent was to match
Firefox, which it looks like we've succeeded at.

>From the table above, I would recommend that Safari change to not
rewrite 307 because that seems to both violate the intent of 307 and
to align better with other user agents.  With that change (modulo
crashes!), all the non-IE browsers would behave the same way, which is
a collectively stable equilibrium that I wouldn't recommend
disrupting.

All that said, GET and POST are vastly more common for browsers to
handle than other methods.  Having reasonable requirements for GET and
POST would be a welcome step forward.

Adam
Received on Sunday, 17 July 2011 23:38:00 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:45 GMT