Re: Browser Interpretation of Location: Header

Content-Description: text

Jim Killian says:

     I'd be interested if there is concensus on this one.  I have a CGI program
     for processing forms which, upon successful submission (i.e., POSTing),
     issues a Location header, as follows:
     That's it.  The server issues a 302 return code.
	[behaviour of products deleted]
     I've reviewed the HTTP spec, but it was not clear what is the correct
     behavior here.  Should the browser interpret any redirection as a GET (as
     Netscape and Mosaic do), OR, maintain the same operation (in this case,
     POST) ?  In fact, am I (technically) abusing the ability to override the
     Location header by using this methodology.  Should I be returning a status
     code or something?
Looking at section 6.2.3 of the HTTP/1.0 spec dated August 13 1995, it would
appear that the POST method should be used for the redirected request, with
the same data.

	If the 302 status code is received in response to a request using the
	POST method, the user agent must not automatically redirect the request 	unless it can be confirmed by the user, since this might change the 
	conditions under which the request is issued.

That means to me that if a POST is redirected by a 302 it should be redirected 
as a POST with the user's consent or not redirected at all.


Received on Thursday, 31 August 1995 18:05:05 UTC