- From: Henrik Nordstrom <henrik@henriknordstrom.net>
- Date: Fri, 14 Mar 2008 00:12:42 +0100
- To: Julian Reschke <julian.reschke@gmx.de>
- Cc: Mark Nottingham <mnot@mnot.net>, HTTP Working Group <ietf-http-wg@w3.org>
On Thu, 2008-03-13 at 17:11 +0100, Julian Reschke wrote: > "Deprecate 305 Use Proxy status code, because user agents did not > implement it. It used to indicate that the requested resource must be > accessed through the proxy given by the Location field. The Location > field gave the URI of the proxy. The recipient was expected to repeat > this single request via the proxy. (Section 9.3.6)" It has failed mainly because it isn't clearly defined if 305 is a hop-by-hop redirection, or an end-to-end redirection. 2616 cleared some of that, but still there is a lot of confusion about what 305 is supposed to be used for. The only meaningful definition I can see of 305 is as a hop-by-hop redirection, with the added security restrictions that 305 messages must not be accepted if received from a proxy. Also it's a feature with very little practical use. The same functionality is easily achieved using resource URLs to surrogate servers instead, which most people find cleaner. Additionally the security implications of getting 305 even the slightest wrong can be very significant. I am fine with deprecating 305 as "never implemented", moving it's definition to an appendix explaining the differences between 2616 and 2616bis. Regards Henrik
Received on Thursday, 13 March 2008 23:14:03 UTC