Re: Redirects and headers

On Jul 5, 2011, at 2:36 AM, Anne van Kesteren wrote:
> And if this decision is entirely up to the APIs, please have the HTTP specification say so. E.g. "Note: Clients will have to decide which headers sent in the original request are used in the request to the redirected location."

Clients always decide what headers are used in a request.  The headers in the original request are only sent in the original request -- there is no connection between the two requests other than the original Location -> new request target and original request URI -> Referer.  Clients don't even have to make a subsequent request.

When a subsequent request is made, the client is probably in the same context as it was for the first request. That means it might still want to use image-specific Accept headers, special cache-control values, or whatever else it might have demanded in the first request.  Likewise, fields like Cookie are dependent on both the most recently set values and the domain of the new target URI.  But I don't have a way to say that in the spec which isn't redundant and useless handwaving, since the relevant header fields are very specific to what kind of client is being used and why the original request was made.

Clients are supposed to know what they want when a request is made.  There are no special protocol requirements here that are imposed on the client, aside from the normal HTTP request requirements.  We could have invented a field that indicates this request is an autofollowed redirect and then we could have mandated such a header field to be used in redirected requests, but there is no such field in HTTP/1.1, and thus if it were to be invented now it would have to be in a separate draft.

....Roy

Received on Tuesday, 5 July 2011 18:30:38 UTC