- From: Adam Barth <ietf@adambarth.com>
- Date: Thu, 19 Aug 2010 15:44:48 -0700
- To: "Roy T. Fielding" <fielding@gbiv.com>
- Cc: Mark Pauley <mpauley@apple.com>, Julian Reschke <julian.reschke@gmx.de>, httpbis <ietf-http-wg@w3.org>, Maciej Stachowiak <mjs@apple.com>
On Thu, Aug 19, 2010 at 3:37 PM, Roy T. Fielding <fielding@gbiv.com> wrote: > On Aug 19, 2010, at 3:20 PM, Adam Barth wrote: >> If you think that 307 redirects are a security vulnerability, then >> should should remove them from the protocol. Trying to atone for the >> security sins of the protocol by punting security to the user is >> security theater. > > Using the Internet is a security vulnerability, yet there are sufficient > trade-offs to justify it. The same goes for redirecting an unsafe > method if and only if the redirection has been preconfigured or > acknowledged by the user. How that is arranged is not defined by > the protocol -- it is left up to the user agent developer to decide > on their own user interface *if* they want to autoredirect an unsafe > method. The draft says: [[ Otherwise, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user ]] If the user agent developer can choose whether or not to autoredirect an unsafe method, in what sense is this requirement a MUST NOT? Adam
Received on Thursday, 19 August 2010 22:45:43 UTC