- From: Anne van Kesteren <annevk@opera.com>
- Date: Mon, 20 Aug 2007 12:16:38 +0200
- To: "Julian Reschke" <julian.reschke@gmx.de>
- Cc: "Web API WG (public)" <public-webapi@w3.org>
On Sat, 18 Aug 2007 17:05:50 +0200, Julian Reschke <julian.reschke@gmx.de> wrote: > Anne van Kesteren wrote: >> I've heard some use cases from authors who want to handle more response >> codes. For 30x responses and 401 responses. 304 is already addressed by >> XHR1 by letting the author set various headers himself that will let >> the user agent pass through the actual response if it's a 304. However, >> redirects are always transparantly and a 401 will trigger a dialog >> where the user will have to enter credentials. > > Redirects MUST NOT be transparent unless the request method is safe, see > for instance > <http://greenbytes.de/tech/webdav/rfc2616.html#rfc.section.10.3.3.p.3>: > > "If the 302 status code is received in response to a request other than > GET or HEAD, the user agent MUST NOT automatically redirect the request > unless it can be confirmed by the user, since this might change the > conditions under which the request was issued." A yeah, there's a note to that effect even. I haven't tested though if that's actually followed in practice. -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Monday, 20 August 2007 10:16:52 UTC