Re: X-HTTP-Method-Override request header

On 2013-11-06 06:35, Robin Berjon wrote:
>>> Redirects should certainly be fixed so as to ignore the "safe methods"
>>> requirement from HTTP (or HTTP should be fixed to provide better
>>> advice).
>>> Note that the issue is not just prompting, but also switching the method
>>> from PUT/DELETE to GET.
>>>
>>> Why just 307 and not 301-3,8?
>>
>> Because only 307/308 preserve the method.
>
> Ah, so you meant 307-8. It's not clear to me that (if compatibly
> possible) the method shouldn't be preserved for 301-3 too, under XHR.
> Method changing is certainly surprising to developers.

HTTPbis requires changing the method to GET for 303. HTTPbis *allows* 
rewriting POST to GET for 301 and 302, because that's what browsers do. 
It doesn't allow rewriting anything else, and I believe most browsers 
have been fixed by now (IE never had that problem).

> Firefox changes POST to GET but not DELETE or PUT for 301-2; it changes
> all three for 303; none for 307-8. (It also prompts a lot.)
>
> Safari changes all of POST, DELETE, and PUT to GET for 301-3 and 308 but
> not 307. It doesn't prompt.

Yes, buggy Safari.

> Chrome changes POST to GET but not DELETE or PUT for 301-2; changes all
> three for 303 and 308; none for 307. It doesn't prompt.
>
> I haven't checked IE but I'm pretty sure it has a fourth combination.
> The only thing that seems consistent is that POST gets changed to GET
> for 301 and 302; the rest is an unreliable mess.

No, everything else is as specified as per HTTPbis, except for Apple's 
broken browser.

Best regards, Julian

Received on Thursday, 7 November 2013 15:04:51 UTC