- From: Lou Montulli <montulli@netscape.com>
- Date: Thu, 28 Aug 1997 17:36:13 -0700
- To: "David W. Morris" <dwm@xpasc.com>
- Cc: Ben Laurie <ben@algroup.co.uk>, Larry Masinter <masinter@parc.xerox.com>, http-wg%cuckoo.hpl.hp.com@hplb.hpl.hp.com
David W. Morris wrote: > On Fri, 1 Aug 1997, Ben Laurie wrote: > > > Larry Masinter wrote: > > > satisfies all of the requirements that are MUST for 1.1, then you > > > need to label the response as 1.0. > > > > OK. It still seems to me that the correct thing to do is to fix CGI. A > > simple thing to do would be to add a version header: > > > > CGI-Version: 1.1 > > (nb., this suggestion mixes CGI and HTTP versions ...) > > > > > Absence of the header means the script is 1.0 compliant. This is not an > > HTTP header - the server would strip it, I assume, and doctor other > > headers as needed. > > I think this issue is much larger than whether the server know that > an individual CGI script complies with HTTP/1.1 in what it generates. > This just as easily fixed with out band server configuration choices. > As a separate subject, it may be appropriate for some group to standardize > the CGI API and include a version, but that isn't our task and such a > change won't help this problem... > > If a script was written to empirical behavior, it (actually, the target > being referenced) may expect a 302 response to POST to return as a GET. > > That server may be accessed by a proxy which changes the HTTP status line > version to 1.1 making any necessary updates to header fields. > > If a *client* which sees the 302 status on what is marked as an HTTP/1.1 > response adopts rigid 302 handling, an existing HTTP/1.0 > server/application will break. Who gets blamed? It works with my old > browser (still if I re-install it, etc.) and not the new one. In the > user's mind the blame rests with the browser, not an out of date server. > > The 307 proposal works. Lets do it. > I'm definately coming late to this discussion, but I have some strong thoughtsto offer. 99.2% of the browsers in use today including all versions of netscape and IE reissue POST redirects with a GET. It would be incredibly fool hardy to try and change this behaviour now. It is far easier to swap the meaning of 303 and 301/302 than it is to fix every CGI in the world as well as every old browser in the world. I doubt that any commercial vendor is willing to release a product that will break a large number of sites simply to claim compliance with this spec. How is this issue going to get resolved? This tread died out almost a month ago yet there is no solution yet. The current situation is unworkable. :lou
Received on Thursday, 28 August 1997 17:49:00 UTC