RE: HTTP Redirect bug - more info from Fox One on 2000-04-20 (www-amaya@w3.org from April to June 2000)

From: Fox One <rockman66_1999@yahoo.com>
Date: Thu, 20 Apr 2000 12:27:40 -0700 (PDT)
To: www-amaya@w3.org
Message-ID: <20000420192740.6959.qmail@web4301.mail.yahoo.com>

Oops. I was wrong then. Perhaps Yahoo! Mail was
designed to work with Netscape's misinterpretation
of the standard. 

Couldn't Amaya have an option that the user could
set to emulate this misbehavior? 

It might be named something like this:
"Emulate broken redirects."

Although the behavior is wrong, it would give users
a chance to visit broken websites. 

--- Dave  J Woolley <DJW@bts.co.uk> wrote:
> > From:	Fox One [SMTP:rockman66_1999@yahoo.com]
> > 
> > When submitting a form using the POST method, 
> > if Amaya receives a redirect HTTP header, it
> > tries to POST to that URL also. In other words,
> > Amaya does the following:
> > 
> > HTTP out: POST: <url to cgi script>
> > HTTP  in: <redirect to new url - an HTML document>
> > HTTP out: POST: <url of HTML document>
> > 
> > The last POST is incorrect. Amaya should try a 
> > GET for that document:
> > 
> 	[DJW:]  
> 	No it should not.  Status 301 and 302 redirects 
> 	are supposed to be issued with the same method as
> 	the original request.  Broken behaviour in some
> 	browsers resulted in a lot or content authors who
> 	didn't read the specs using 302 to redirect to 
> 	a confirmation page.  As such redirects to GET were
> 	clearly needed, status 303 was added to cover them,
> 	in an early draft of HTTP 1.1 (if you just return
> 	Location:, but no Status: in a CGI script, you get
> 	a 302 redirect, or an internal redirect).
> 
> 	Because of the existence of broken browsers, status
> 	307 redirects were added in later drafts of HTTP
> 1.1.
> 	This means the same as 302, for conforming
> browsers, but
> 	makes it clear that you don't want the browser to 
> 	assume that you were expecting broken 302
> behaviour.
> 
> 	If your application requires reliable redirect from
> POST
> 	to GET, it must return a 303 status.  Because of
> 	the misimplementations, using 302 for a POST is
> unsafe,
> 	although you should use it for GET.
> 
> 

__________________________________________________
Do You Yahoo!?
Send online invitations with Yahoo! Invites.
http://invites.yahoo.com

Received on Thursday, 20 April 2000 15:28:16 UTC