extensibility of status codes (was: 301/302)

On Fri, 5 Sep 1997, John Franks wrote:

> On Fri, 5 Sep 1997, Ben Laurie wrote:
> 
> > Practical experience has shown us (the Apache Group) that it is not
> > possible to deploy a fully compliant HTTP/1.1 server without making
> > allowance for broken browsers.
> > 
> 
> Yes, but this is not an issue of broken browsers.  It is a question of
> *all* correctly implemented browsers, and which versions of them
> support which version(s) of HTTP.

But extensibility of status codes is supposedly built into the protocol.
RFC 1945 6.1.1 (and very similar in 2068):

   HTTP status codes are extensible, but the above codes are the only
   ones generally recognized in current practice. HTTP applications are
   not required to understand the meaning of all registered status
   codes, though such understanding is obviously desirable. However,
   applications must understand the class of any status code, as
   indicated by the first digit, and treat any unrecognized response as
   being equivalent to the x00 status code of that class, with the
   exception that an unrecognized response must not be cached.

So a HTTP/1.0 client which doesn't know about 303 should treat it like
300, which in turn (RFC 1945) "should include an entity containing a
list of resource characteristics and locations from which the user or
user agent can choose the one most appropriate."  302 responses
normally have a brief HTML text with a link to follow the direction
manually, that wouldn't be different for 303.  I don't know how many
HTTP/1.0 user agents actually do display the contents of a 303
response, but if they don't it is arguably a case of a "broken
browser".

> I have the greatest respect for the Apache project.  What you have
> achieved is truly remarkable and I am a big fan.  But if your 1.1
> servers use 303 and 307 then as soon as 1.1 proxies appear there will
> be a lot of broken transactions.  I see no way around this except
> never to use 303/307 and revert to 302.  Perhaps I am wrong.  I hope
> so.

With non-broken pre-HTTP/1.1 browsers, the transactions wouldn't be
broken but probably less automatic.  Just one more keypress or click
required, so less convenient.
[Also a place provided to insert "Get a HTTP/1.1 browser now!"...]

Also if deployment of HTTP/1.1 user agents proceeds a lot more quickly
than deployment of HTTP/1.1 proxies, OR if by the time HTTP/1.1 proxies
are used HTTP/1.1 browsers have been upgraded to understand 303, this
will effect few(er) users.


   Klaus

Received on Friday, 5 September 1997 13:51:04 UTC