* WGs marked with an * asterisk has had at least one new draft made available during the last 5 days

Changeset 1534


Ignore:
Timestamp:
2012-02-08 00:25:34 (2 years ago)
Author:
julian.reschke@gmx.de
Message:

Replace normative requirements on redirect on unsafe methods with prose advice (see #238)

Location:
draft-ietf-httpbis/latest
Files:
2 edited

Legend:

Unmodified
Added
Removed
  • draft-ietf-httpbis/latest/p2-semantics.html

    r1528 r1534  
    460460  }  
    461461  @bottom-center { 
    462        content: "Expires August 10, 2012";  
     462       content: "Expires August 11, 2012";  
    463463  }  
    464464  @bottom-right { 
     
    512512      <meta name="dct.creator" content="Reschke, J. F."> 
    513513      <meta name="dct.identifier" content="urn:ietf:id:draft-ietf-httpbis-p2-semantics-latest"> 
    514       <meta name="dct.issued" scheme="ISO8601" content="2012-02-07"> 
     514      <meta name="dct.issued" scheme="ISO8601" content="2012-02-08"> 
    515515      <meta name="dct.replaces" content="urn:ietf:rfc:2616"> 
    516516      <meta name="dct.abstract" content="The Hypertext Transfer Protocol (HTTP) is an application-level protocol for distributed, collaborative, hypertext information systems. HTTP has been in use by the World Wide Web global information initiative since 1990. This document is Part 2 of the seven-part specification that defines the protocol referred to as &#34;HTTP/1.1&#34; and, taken together, obsoletes RFC 2616. Part 2 defines the semantics of HTTP messages as expressed by request methods, request header fields, response status codes, and response header fields."> 
     
    543543            </tr> 
    544544            <tr> 
    545                <td class="left">Expires: August 10, 2012</td> 
     545               <td class="left">Expires: August 11, 2012</td> 
    546546               <td class="right">HP</td> 
    547547            </tr> 
     
    596596            <tr> 
    597597               <td class="left"></td> 
    598                <td class="right">February 7, 2012</td> 
     598               <td class="right">February 8, 2012</td> 
    599599            </tr> 
    600600         </tbody> 
     
    626626         in progress”. 
    627627      </p> 
    628       <p>This Internet-Draft will expire on August 10, 2012.</p> 
     628      <p>This Internet-Draft will expire on August 11, 2012.</p> 
    629629      <h1><a id="rfc.copyrightnotice" href="#rfc.copyrightnotice">Copyright Notice</a></h1> 
    630630      <p>Copyright © 2012 IETF Trust and the persons identified as the document authors. All rights reserved.</p> 
     
    18781878      <p id="rfc.section.7.3.p.4">A Location header field on a 3xx response indicates that a client <em class="bcp14">MAY</em> automatically redirect to the URI provided; see <a href="#header.location" id="rfc.xref.header.location.3" title="Location">Section&nbsp;9.5</a>. 
    18791879      </p> 
    1880       <p id="rfc.section.7.3.p.5">Clients <em class="bcp14">SHOULD</em> detect and intervene in cyclical redirections (i.e., "infinite" redirection loops). 
    1881       </p> 
    1882       <div class="note" id="rfc.section.7.3.p.6">  
     1880      <p id="rfc.section.7.3.p.5">Note that for methods not known to be "safe", as defined in <a href="#safe.methods" title="Safe Methods">Section&nbsp;6.1.1</a>, automatic redirection needs to done with care, since the redirect might change the conditions under which the request was 
     1881         issued. 
     1882      </p> 
     1883      <p id="rfc.section.7.3.p.6">Clients <em class="bcp14">SHOULD</em> detect and intervene in cyclical redirections (i.e., "infinite" redirection loops). 
     1884      </p> 
     1885      <div class="note" id="rfc.section.7.3.p.7">  
    18831886         <p> <b>Note:</b> An earlier version of this specification recommended a maximum of five redirections (<a href="#RFC2068" id="rfc.xref.RFC2068.2"><cite title="Hypertext Transfer Protocol -- HTTP/1.1">[RFC2068]</cite></a>, <a href="http://tools.ietf.org/html/rfc2068#section-10.3">Section 10.3</a>). Content developers need to be aware that some clients might implement such a fixed limitation. 
    18841887         </p>  
     
    19101913         the new URI(s). 
    19111914      </p> 
    1912       <p id="rfc.section.7.3.2.p.4">If the 301 status code is received in response to a request method that is known to be "safe", as defined in <a href="#safe.methods" title="Safe Methods">Section&nbsp;6.1.1</a>, then the request <em class="bcp14">MAY</em> be automatically redirected by the user agent without confirmation. Otherwise, the user agent <em class="bcp14">MUST NOT</em> automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which 
    1913          the request was issued. 
    1914       </p> 
    1915       <div class="note" id="rfc.section.7.3.2.p.5">  
     1915      <div class="note" id="rfc.section.7.3.2.p.4">  
    19161916         <p> <b>Note:</b> For historic reasons, user agents <em class="bcp14">MAY</em> change the request method from POST to GET for the subsequent request. If this behavior is undesired, status code 307 (Temporary 
    19171917            Redirect) can be used instead. 
     
    19261926         the new URI(s). 
    19271927      </p> 
    1928       <p id="rfc.section.7.3.3.p.3">If the 302 status code is received in response to a request method that is known to be "safe", as defined in <a href="#safe.methods" title="Safe Methods">Section&nbsp;6.1.1</a>, then the request <em class="bcp14">MAY</em> be automatically redirected by the user agent without confirmation. Otherwise, the user agent <em class="bcp14">MUST NOT</em> automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which 
    1929          the request was issued. 
    1930       </p> 
    1931       <div class="note" id="rfc.section.7.3.3.p.4">  
     1928      <div class="note" id="rfc.section.7.3.3.p.3">  
    19321929         <p> <b>Note:</b> For historic reasons, user agents <em class="bcp14">MAY</em> change the request method from POST to GET for the subsequent request. If this behavior is undesired, status code 307 (Temporary 
    19331930            Redirect) can be used instead. 
     
    19721969         the new URI(s). 
    19731970      </p> 
    1974       <p id="rfc.section.7.3.7.p.3">If the 307 status code is received in response to a request method that is known to be "safe", as defined in <a href="#safe.methods" title="Safe Methods">Section&nbsp;6.1.1</a>, then the request <em class="bcp14">MAY</em> be automatically redirected by the user agent without confirmation. Otherwise, the user agent <em class="bcp14">MUST NOT</em> automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which 
    1975          the request was issued. 
    1976       </p> 
    1977       <div class="note" id="rfc.section.7.3.7.p.4">  
     1971      <div class="note" id="rfc.section.7.3.7.p.3">  
    19781972         <p> <b>Note:</b> This status code is similar to 302 Found, except that it does not allow rewriting the request method from POST to GET. This 
    19791973            specification defines no equivalent counterpart for 301 Moved Permanently. 
     
    30563050      <p id="rfc.section.A.p.5">Broadened the definition of 203 (Non-Authoritative Information) to include cases of payload transformations as well. (<a href="#status.203" id="rfc.xref.status.203.3" title="203 Non-Authoritative Information">Section&nbsp;7.2.4</a>) 
    30573051      </p> 
    3058       <p id="rfc.section.A.p.6">Removed the normative requirements on response payloads for status codes 301, 302, and 307. (<a href="#status.3xx" title="Redirection 3xx">Section&nbsp;7.3</a>) 
     3052      <p id="rfc.section.A.p.6">Status codes 301, 302, and 307: removed the normative requirements on both response payloads and user interaction. (<a href="#status.3xx" title="Redirection 3xx">Section&nbsp;7.3</a>) 
    30593053      </p> 
    30603054      <p id="rfc.section.A.p.7">Failed to consider that there are many other request methods that are safe to automatically redirect, and further that the 
     
    34963490      <p id="rfc.section.C.20.p.1">Closed issues: </p> 
    34973491      <ul> 
     3492         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/238">http://tools.ietf.org/wg/httpbis/trac/ticket/238</a>&gt;: "Requirements for user intervention during redirects" 
     3493         </li> 
    34983494         <li> &lt;<a href="http://tools.ietf.org/wg/httpbis/trac/ticket/302">http://tools.ietf.org/wg/httpbis/trac/ticket/302</a>&gt;: "Misplaced text on connection handling in p2" 
    34993495         </li> 
  • draft-ietf-httpbis/latest/p2-semantics.xml

    r1526 r1534  
    16951695</t> 
    16961696<t> 
     1697   Note that for methods not known to be "safe", as defined in <xref target="safe.methods"/>, 
     1698   automatic redirection needs to done with care, since the redirect might 
     1699   change the conditions under which the request was issued. 
     1700</t> 
     1701<t> 
    16971702   Clients &SHOULD; detect and intervene in cyclical redirections (i.e., 
    16981703   "infinite" redirection loops). 
     
    17581763   hyperlink to the new URI(s). 
    17591764</t> 
    1760 <t> 
    1761    If the 301 status code is received in response to a request method 
    1762    that is known to be "safe", as defined in <xref target="safe.methods"/>, 
    1763    then the request &MAY; be automatically redirected by the user agent without 
    1764    confirmation.  Otherwise, the user agent &MUST-NOT; automatically redirect the 
    1765    request unless it can be confirmed by the user, since this might 
    1766    change the conditions under which the request was issued. 
    1767 </t> 
    17681765<x:note> 
    17691766  <t> 
     
    17881785   response. A response payload can contain a short hypertext note with a 
    17891786   hyperlink to the new URI(s). 
    1790 </t> 
    1791 <t> 
    1792    If the 302 status code is received in response to a request method 
    1793    that is known to be "safe", as defined in <xref target="safe.methods"/>, 
    1794    then the request &MAY; be automatically redirected by the user agent without 
    1795    confirmation.  Otherwise, the user agent &MUST-NOT; automatically redirect the 
    1796    request unless it can be confirmed by the user, since this might 
    1797    change the conditions under which the request was issued. 
    17981787</t> 
    17991788<x:note> 
     
    18791868   response. A response payload can contain a short hypertext note with a 
    18801869   hyperlink to the new URI(s). 
    1881 </t> 
    1882 <t> 
    1883    If the 307 status code is received in response to a request method 
    1884    that is known to be "safe", as defined in <xref target="safe.methods"/>, 
    1885    then the request &MAY; be automatically redirected by the user agent without 
    1886    confirmation.  Otherwise, the user agent &MUST-NOT; automatically redirect the 
    1887    request unless it can be confirmed by the user, since this might 
    1888    change the conditions under which the request was issued. 
    18891870</t> 
    18901871<x:note> 
     
    38983879</t> 
    38993880<t> 
    3900   Removed the normative requirements on response payloads for status codes 
    3901   301, 302, and 307. 
     3881  Status codes 301, 302, and 307: removed the normative requirements on both 
     3882  response payloads and user interaction. 
    39023883  (<xref target="status.3xx"/>) 
    39033884</t> 
     
    46734654  <list style="symbols">  
    46744655    <t> 
     4656      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/238"/>: 
     4657      "Requirements for user intervention during redirects" 
     4658    </t> 
     4659    <t> 
    46754660      <eref target="http://tools.ietf.org/wg/httpbis/trac/ticket/302"/>: 
    46764661      "Misplaced text on connection handling in p2" 
Note: See TracChangeset for help on using the changeset viewer.