[Zope3-dev] RFC: Use 303 redirects by default
Jim Fulton
jim@zope.com
Tue, 11 Jun 2002 19:57:13 -0400
"Phillip J. Eby" wrote:
>
> At 07:25 PM 6/11/02 +0100, Steve Alexander wrote:
> >See:
> >
> >http://dev.zope.org/Wikis/DevSite/Projects/ComponentArchitecture/Use303Redi
> rectsByDefault
> >
> >Comments welcome.
> >
>
> I don't get this at all. It looks like this change will break for Netscape
> 4.x, with no compensating benefit. Why do it?
Dude, did you read the RFC?
"If the 302 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request
unless it can be confirmed by the user, since this might change the conditions under which the request was issued.
Note: RFC 1945 and RFC 2068 specify that the client is not allowed
to change the method on the redirected request. However, most
existing user agent implementations treat 302 as if it were a 303
response, performing a GET on the Location field-value regardless
of the original request method. The status codes 303 and 307 have
been added for servers that wish to make unambiguously clear which
kind of reaction is expected of the client.
"
Our current use of a 302 violates the spec.
> Do we *want* manual
> verification of redirected POST?
No.
> Every existing usage that I know of in
> Zope (and in my apps) of redirect is intended to NOT have a manual
> verification.
Right.
> Since the "de facto" interpretation of 302 works correctly -
> for what we *want* it to do - why change to another code that doesn't work
> with browsers "in the field"? Do we believe that some future browser
> versions will implement 302 correctly, and thus break our current
> functionality?
Some browsers (well, w3 ;) currently whine (as they should) about getting a 302 from a
POST,
Jim
--
Jim Fulton mailto:jim@zope.com Python Powered!
CTO (888) 344-4332 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org