W3C home > Mailing lists > Public > whatwg@whatwg.org > February 2010

[whatwg] <form method="DELETE"> and 307 redirects

From: Ian Hickson <ian@hixie.ch>
Date: Fri, 12 Feb 2010 05:10:55 +0000 (UTC)
Message-ID: <Pine.LNX.4.64.1002120505450.29686@ps20323.dreamhostps.com>
On Fri, 4 Dec 2009, Adam Barth wrote:
> The spec lets sites submit forms with PUT or DELETE methods to their 
> origin server.  What happens if the server responds with a 307 redirect 
> to a foreign origin?  Based on my reading of the fetch algorithm, the 
> browser will issue a PUT or DELETE request (respectively) to the foreign 
> origin.  It seems like we want to generate a network error instead.

HTTP already says for 301, 302, and 307 redirects: "If the [...] status 
code is received in response to a request other than GET or HEAD, the user 
agent MUST NOT automatically redirect the request unless it can be 
confirmed by the user, since this might change the conditions under which 
the request was issued".

Do user agents not implement what HTTP specifies here?

Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Thursday, 11 February 2010 21:10:55 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:21 UTC