- From: Adam Barth <ietf@adambarth.com>
- Date: Wed, 18 Aug 2010 14:27:03 -0700
- To: httpbis <ietf-http-wg@w3.org>
- Cc: Maciej Stachowiak <mjs@apple.com>
http://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-11#section-8.3.8 says [[ If the 307 status code is received in response to a request method that is known to be "safe", as defined in Section 7.1.1, then the request MAY be automatically redirected by the user agent without confirmation. Otherwise, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued. ]] As has been pointed out by multiple folks on multiple occasions, this requirement should be removed for the following reasons: 1) HTTP ought not to impose constraints on the user agent's user interface. This requirement is not appropriate for all user agents, for example a GPS navigation unit in a car. 2) This requirement does not reflect reality. A number of widely used user agents disregard this requirement. 3) This requirement is actively harmful to interoperability. Web sites cannot reliably use 307 redirects because it triggers awful UI mandated by this requirement in some user agents. The only counter rationale I've seen on this list is that the requirement is actually meaningless under a theory of "pre-confirmation." If the requirement is meaningless, that means we should remove it as well. Kindly remove the requirement. Adam
Received on Wednesday, 18 August 2010 21:27:59 UTC