Re: Redirection inherits METHOD? from Henrik Frystyk Nielsen on 1995-06-18 (ietf-http-wg@w3.org from April to June 1995)

From: Henrik Frystyk Nielsen <frystyk@w3.org>
Date: Sun, 18 Jun 1995 18:26:13 -0400
To: http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com, wmperry@spry.com
Message-Id: <9506182226.AA11905@www20>

> Just wondering what the feeling is on a redirection inheriting the 'method'
> of the original request is.
> 
> Say i've got a form being posted, and issue a redirection to a normal
> document (not another CGI script).
> 
> Should the form contents be reposted to the new destination?  Some of the
> language in section 6.2.2 seems to imply this, but in other cases it
> doesn't make sense to inherit them.

stuff deleted

> I think this was discussed before, but I thought the outcome was 'yes
> redirect using POST', but I just ran into a form that redirects to a static
> page, and the server fails to serve the document when you 'POST'.  I can't
> get to the working group pages for some reason to check the archives
> either.

I think the comment then was that the normal behavior is to change method from
POST to GET on a redirect. However, I am strongly inclined to say that a 
method _should_be_ inherited on a redirect, even though this might break some
setups that depend on it. The reason is that I don't want POST to be limited
to sending form data over the wire.

Imagine a perfectly normal situation from the mail world: A user writes
a mail and wants to send it to multiple destinations:

	- a mailing list
	- a news group
	- a good friend

In order to let the Web develop into a collaborative tool we must provide
such functionality in HTTP as well. In fact, in the W3C Reference Library
(a.k.a. Library of Common Code) I have extended that model to include HTTP,
so that we might have a senario like: A user writes a document and can send
it to multiple destinations using PUT or POST (the method can be assigned 
independently for each destination - and the relations between the links
are done using typed links). This works well, and in this situation you do
not want the method to change arbitrarily as a result of a 301 or 302
redirection. 

In stead the right thing to do is to inform the user that the conditions have
changed and if the operation should continue or not. This can be done equally
well for DELETE and the rest of the methods. This is very simple and should not
cause any security problems (deleting withour knowing etc).

However, I can see situations where a change in method would be useful, but for
this I suggest that we "re-introduce" the '303 Method' header and find a syntax
that fits.

Again, as the current practice is not according to preferred practice, I strongly
suggest that the latter is to go into the HTTP spec.

--

Henrik Frystyk                                          frystyk@W3.org
World-Wide Web Consortium,                              Tel + 1 617 258 8143
MIT/LCS, NE43-356					Fax + 1 617 258 8682
77 Massachusetts Avenue
Cambridge MA 02154, USA

Received on Sunday, 18 June 1995 15:27:08 UTC