Re: #160: Redirects and non-GET methods

On 2011-07-18 01:37, Adam Barth wrote:
> On Sun, Jul 17, 2011 at 4:16 AM, Mark Nottingham<mnot@mnot.net>  wrote:
>> <http://trac.tools.ietf.org/wg/httpbis/trac/ticket/160>
>>
>> I've just tested the latest iterations of the browsers, with the following results:
>>
>> • Safari/533.21.1 - all 301, 302, 307 rewritten to GET; 303 methods are preserved
>> • Firefox/5.0.1 - all 301, 302 rewritten to GET; 303 and 307 methods are preserved
>> • Chrome/14.0.814.0 - all 301, 302 rewritten to GET; 303 and 307 methods are preserved
>> • Opera/11.50 - all 301, 302 rewritten to GET; 303 methods are preserved; 307 tests crash the browser
>> • MSIE/9.0 (latest) - all 301, 302 methods preserved except POST (changed to GET); all 303, 307 methods are preserved
>>
>> So, many browsers rewrite many methods to GET on 301 and 302. whereas most browsers preserve methods on 303 and 307*.
>>
>> We *could* codify this practice. However, as Julian notes in the bug, the fact that IE doesn't rewrite anything except POST is an existence proof (and a fairly large one) that it's workable to not rewrite the method on non-POST methods.
>>
>> So, I'm inclined to agree that we could address this by changing 301 an 302 to note that POST is rewritten to GET; it's a smaller change, although it would require changes in more browsers.
>>
>> Thoughts? Especially from browser people?
>
> w.r.t. Chrome's behavior, specifically, our intent was to match
> Firefox, which it looks like we've succeeded at.
>
>> From the table above, I would recommend that Safari change to not
> rewrite 307 because that seems to both violate the intent of 307 and

+1.

> to align better with other user agents.  With that change (modulo
> crashes!), all the non-IE browsers would behave the same way, which is
> a collectively stable equilibrium that I wouldn't recommend
> disrupting.

I intend to submit a patch for Firefox restricting the method rewriting 
to POST.

> ...

Best regards, Julian

Received on Monday, 18 July 2011 07:04:19 UTC