Re: Protocols/APIs and redirects

On 06/12/2011, at 10:22 PM, Anne van Kesteren wrote:

> On Tue, 06 Dec 2011 12:14:24 +0100, Anne van Kesteren <> wrote:
>> When we design APIs (XMLHttpRequest) and protocols (CORS) that support transparent redirects (redirects automatically followed by the API) what exactly should count as a redirect as far as they are concerned? Everything in the 3xx range that contains a Location header?
>> E.g. for some part of CORS we explicitly fail if the response code is 301, 302, 303, or 307, because we want the ability to support transparent redirects going forward. Should we also fail if the response code is 310?
>> Should follow redirects for status codes other than 301, 302, 303, and 307? Should it instead treat anything else as a network error so we can more easily extend it in the future? If we do not treat it as a network error the developer would just get back a response with a status code of 310 and the Location header and going forward we could never treat it as any of the "blessed redirects" anymore.
> It seems this question is related to


>> Aside: What happened to ? I could not find the issue.
> I could not find this issue in your database or in the mailing list archives since mnot said he would raise it. It was more or less by chance that I happened to look at it again because I vaguely recalled having raised a redirect issue earlier. I guess I did not use "NEW ISSUE" but then I did not know whether it was an issue when I started the thread. Can someone please fix this now?

Sorry, Anne; I couldn't find it either, so I've just created <>.

The discussion wound up here: <>. As others have mentioned, I don't think there's much we can say about this, other than mentioning it as something that people who define new headers should consider.

Mark Nottingham

Received on Wednesday, 7 December 2011 01:43:29 UTC