- From: Mark Nottingham <mnot@mnot.net>
- Date: Fri, 20 Aug 2010 11:15:09 +1000
- To: Adam Barth <ietf@adambarth.com>
- Cc: httpbis <ietf-http-wg@w3.org>, Maciej Stachowiak <mjs@apple.com>
Thanks for reminding us of this, Adam. When you brought it up in Maastricht, we created: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/238 Cheers, On 19/08/2010, at 7:27 AM, Adam Barth wrote: > http://tools.ietf.org/html/draft-ietf-httpbis-p2-semantics-11#section-8.3.8 says > > [[ > If the 307 status code is received in response to a request method > that is known to be "safe", as defined in Section 7.1.1, then the > request MAY be automatically redirected by the user agent without > confirmation. Otherwise, the user agent MUST NOT automatically > redirect the request unless it can be confirmed by the user, since > this might change the conditions under which the request was issued. > ]] > > As has been pointed out by multiple folks on multiple occasions, this > requirement should be removed for the following reasons: > > 1) HTTP ought not to impose constraints on the user agent's user > interface. This requirement is not appropriate for all user agents, > for example a GPS navigation unit in a car. > 2) This requirement does not reflect reality. A number of widely used > user agents disregard this requirement. > 3) This requirement is actively harmful to interoperability. Web > sites cannot reliably use 307 redirects because it triggers awful UI > mandated by this requirement in some user agents. > > The only counter rationale I've seen on this list is that the > requirement is actually meaningless under a theory of > "pre-confirmation." If the requirement is meaningless, that means we > should remove it as well. > > Kindly remove the requirement. > > Adam > -- Mark Nottingham http://www.mnot.net/
Received on Friday, 20 August 2010 01:15:43 UTC