W3C home > Mailing lists > Public > ietf-http-wg@w3.org > January to March 2012

Re: #328: user Intervention on Redirects

From: Chris Weber <chris@lookout.net>
Date: Tue, 07 Feb 2012 09:35:49 -0800
Message-ID: <4F3160F5.4010201@lookout.net>
To: Julian Reschke <julian.reschke@gmx.de>
CC: Martin Thomson <martin.thomson@gmail.com>, Anne van Kesteren <annevk@opera.com>, Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On 2/7/2012 9:21 AM, Julian Reschke wrote:
> Clarifying: "Open" means that the target of the redirect actually
> depends on something the request contains, such as a query parameter,
> right?

True, that's the most common case.  An example would be -
http://www.example.com/redir?target=http://foo.bar - where the query
parameter named 'target' has a user-controlled value which gets used
(most commonly) in an HTTP 302 redirect's 'Location' header.

---- REQUEST ----

GET /redir?target=http://foo.bar HTTP/1.1
Host: www.example.com

---- RESPONSE ----

HTTP/1.1 302 Found
Location: http://foo.bar/



-CW
Received on Tuesday, 7 February 2012 17:38:42 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Friday, 27 April 2012 06:51:55 GMT