W3C home > Mailing lists > Public > public-webapi@w3.org > August 2007

Re: [XHR2] letting authors handle more response codes

From: Anne van Kesteren <annevk@opera.com>
Date: Mon, 20 Aug 2007 12:16:38 +0200
To: "Julian Reschke" <julian.reschke@gmx.de>
Cc: "Web API WG (public)" <public-webapi@w3.org>
Message-ID: <op.txcr50ja64w2qv@annevk-t60.oslo.opera.com>

On Sat, 18 Aug 2007 17:05:50 +0200, Julian Reschke <julian.reschke@gmx.de>  
wrote:
> Anne van Kesteren wrote:
>> I've heard some use cases from authors who want to handle more response  
>> codes. For 30x responses and 401 responses. 304 is already addressed by  
>> XHR1 by letting the author set various headers himself that will let  
>> the user agent pass through the actual response if it's a 304. However,  
>> redirects are always transparantly and a 401 will trigger a dialog  
>> where the user will have to enter credentials.
>
> Redirects MUST NOT be transparent unless the request method is safe, see  
>   for instance  
> <http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.10.3.3.p.3>:
>
> "If the 302 status code is received in response to a request other than  
> GET or HEAD, the user agent MUST NOT automatically redirect the request  
> unless it can be confirmed by the user, since this might change the  
> conditions under which the request was issued."

A yeah, there's a note to that effect even. I haven't tested though if  
that's actually followed in practice.


-- 
Anne van Kesteren
<http://annevankesteren.nl/>
<http://www.opera.com/>
Received on Monday, 20 August 2007 10:16:52 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 8 January 2008 14:18:58 GMT