Re: Protocols/APIs and redirects

On 2011-12-07 01:20, Roy T. Fielding wrote:
> On Dec 6, 2011, at 4:12 AM, Julian Reschke wrote:
>> On 2011-12-06 12:56, Amos Jeffries wrote:
>>> On 7/12/2011 12:14 a.m., Anne van Kesteren wrote:
>>>> When we design APIs (XMLHttpRequest) and protocols (CORS) that support
>>>> transparent redirects (redirects automatically followed by the API)
>>>> what exactly should count as a redirect as far as they are concerned?
>>>> Everything in the 3xx range that contains a Location header?
>>>> E.g. for some part of CORS
>>>> we explicitly fail if the response code is 301, 302, 303, or 307,
>>>> because we want the ability to support transparent redirects going
>>>> forward. Should we also fail if the response code is 310?
>>> HTTP has always specified that any unknown code is to be treated as if
>>> it was the x00 status of the matching numeric group. This has not changed.
>>> For the 3xx group 300 is defined as representing any one or more
>>> alternatives. If a Location header is present it is the alternative
>>> location of one representation, and MAY be used for automatic redirection.
>>> ...
>> Well, at least for 3xx, this seems to be the worst possible choice. It makes it extremely hard to introduce any new 3xx code which is not identical to 300.
> I disagree.  All 3xx codes are redirects and only some of those MAY
> be followed with automatic redirection -- the ones with a Location
> header field indicating the preferred redirect target.  The default
> behavior applies if the recipient does not know the new code.
> ...


"If the server has a preferred choice of representation, it SHOULD 
include the specific URI for that representation in the Location field; 
user agents MAY use the Location field value for automatic redirection."

So for new 3xx responses that come with "Location", UAs MAY use it for 
automatic redirection. But then, they don't have to.

Best regards, Julian

Received on Wednesday, 7 December 2011 08:46:55 UTC