- From: Mark Baker <distobj@acm.org>
- Date: Tue, 11 Oct 2005 14:17:35 -0400
- To: Yves Lafon <ylafon@w3.org>
- Cc: xml-dist-app@w3.org
Yves, On Tue, Oct 11, 2005 at 06:31:23PM +0200, Yves Lafon wrote: > Here is a quote from rfc2616 regarding 301 (it applies also to 302 and > 307): > <<< > If the 301 status code is received in response to a request other > than GET or HEAD, the user agent MUST NOT automatically redirect the > request unless it can be confirmed by the user, since this might > change the conditions under which the request was issued. > >>> > > As the redirect handling is done at the SOAP level, everything is OK. I don't think so. The reason given, "since this might change the conditions under which the request was issued" still holds, whether SOAP's being used or not. And don't get me started on the notion of a "SOAP level/layer"! 8-O Keep in mind that all agents are "user agents", in that they act on behalf of some human, somewhere. Whether that relationship is up-close and synchronous (e.g. browser & operator), or distant and asynchronous (e.g. Web services client and a remote administrator), the issue is the same in the case of a 30[127] response; an exceptional condition has occurred which requires human intervention. P.S., there's an errata for this chunk of text, though I don't think it's relevant to this issue since POST is not safe; http://skrb.org/ietf/http_errata.html#saferedirect Mark. -- Mark Baker. Ottawa, Ontario, CANADA. http://www.markbaker.ca Coactus; Web-inspired integration strategies http://www.coactus.com
Received on Tuesday, 11 October 2005 18:15:22 UTC