[whatwg/fetch] [Question] What is the expected behavior for reusing the Request body in a HTTP redirect fetch (status code 307 / 308)? (Issue #1662) from Tianxing Yang on 2023-05-26 (public-webapps-github@w3.org from May 2023)

From: Tianxing Yang <notifications@github.com>
Date: Fri, 26 May 2023 02:25:49 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/issues/1662@github.com>

I am performing maintenance work for some some internal implementation of the `fetch` API for the company I am working in. Recently I discovered some bugs of that implementation related to HTTP redirect fetches with a `POST` request and a 3xx return code, and I am working on fixing them.

The typical use case is as follows:

1. The user makes a `POST` request to **xxx.com** with a body `12345`
2. **xxx.com** returns a **3XX** return code and the new URL **yyy.com** to redirect to
3. The user then requests **yyy.com** with the `POST` request and the same body `12345`

---

My major confusion arises when I discovered bugs related to the **307** and **308** return codes.

Basically, MDN says this for [307](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/307):
> The only difference between 307 and [302](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/302) is that 307 guarantees that the method and the body will not be changed when the redirected request is made.

And for [308](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/308):
> The request method and the body will not be altered, whereas [301](https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/301) may incorrectly sometimes be changed to a [GET](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/GET) method.

But the [Fetch Spec](https://fetch.spec.whatwg.org/#http-redirect-fetch) suggests otherwise:
> 11. If internalResponse’s [status](https://fetch.spec.whatwg.org/#concept-response-status) is not 303, request’s [body](https://fetch.spec.whatwg.org/#concept-request-body) is non-null, and request’s [body](https://fetch.spec.whatwg.org/#concept-request-body)’s [source](https://fetch.spec.whatwg.org/#concept-body-source) is null, then return a [network error](https://fetch.spec.whatwg.org/#concept-network-error).

This is my interpretation:

* For 307 and 308 status codes, MDN suggests that the same _method_ and same _body_ shall be used for the subsequent access to the redirected URL.
* But in fetch spec, if I follow the "HTTP-redirect fetch" item 11 (as given above), then it would end up in _network error_.

---

So my question arises here: **What is the expected behavior for reusing the Request body in a HTTP redirect fetch (307 / 308 return codes)?**


-- 
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1662
You are receiving this because you are subscribed to this thread.

Message ID: <whatwg/fetch/issues/1662@github.com>

Received on Friday, 26 May 2023 09:25:54 UTC