Re: #328: user Intervention on Redirects

On Tue, 07 Feb 2012 16:14:43 +0100, Julian Reschke <julian.reschke@gmx.de>  
wrote:
> 1) Remove the statements from 301/302/307.
>
> 2) In a single place, explain the risks of automatically redirecting  
> when the new request method is unsafe. Note this applies to *any* kind  
> of following redirects, including future ones (such as 308).
>
> Not sure about where to put the text for 2); does this belong in the  
> description of 3xx or in the Security Considerations?

Can you explain to me the scenario for 2? In particular how a redirect  
makes this more dangerous than just performing the request directly.


-- 
Anne van Kesteren
http://annevankesteren.nl/

Received on Tuesday, 7 February 2012 15:52:26 UTC