- From: Julian Reschke <julian.reschke@gmx.de>
- Date: Thu, 07 Nov 2013 07:04:19 -0800
- To: Robin Berjon <robin@w3.org>, Anne van Kesteren <annevk@annevk.nl>
- CC: Steve Klabnik <steve@steveklabnik.com>, "www-tag.w3.org" <www-tag@w3.org>
On 2013-11-06 06:35, Robin Berjon wrote: >>> Redirects should certainly be fixed so as to ignore the "safe methods" >>> requirement from HTTP (or HTTP should be fixed to provide better >>> advice). >>> Note that the issue is not just prompting, but also switching the method >>> from PUT/DELETE to GET. >>> >>> Why just 307 and not 301-3,8? >> >> Because only 307/308 preserve the method. > > Ah, so you meant 307-8. It's not clear to me that (if compatibly > possible) the method shouldn't be preserved for 301-3 too, under XHR. > Method changing is certainly surprising to developers. HTTPbis requires changing the method to GET for 303. HTTPbis *allows* rewriting POST to GET for 301 and 302, because that's what browsers do. It doesn't allow rewriting anything else, and I believe most browsers have been fixed by now (IE never had that problem). > Firefox changes POST to GET but not DELETE or PUT for 301-2; it changes > all three for 303; none for 307-8. (It also prompts a lot.) > > Safari changes all of POST, DELETE, and PUT to GET for 301-3 and 308 but > not 307. It doesn't prompt. Yes, buggy Safari. > Chrome changes POST to GET but not DELETE or PUT for 301-2; changes all > three for 303 and 308; none for 307. It doesn't prompt. > > I haven't checked IE but I'm pretty sure it has a fourth combination. > The only thing that seems consistent is that POST gets changed to GET > for 301 and 302; the rest is an unreliable mess. No, everything else is as specified as per HTTPbis, except for Apple's broken browser. Best regards, Julian
Received on Thursday, 7 November 2013 15:04:51 UTC