[Zope3-dev] Redirects
Tres Seaver
tseaver@zope.com
25 Jan 2003 21:21:30 -0500
On Sat, 2003-01-25 at 18:57, Adrian van den Dries wrote:
> I just want to raise a small niggle I have about an idiom I always see
> in Zope development (and in web development in general) -- redirects
> after POSTs.
>
> RFC 2068, section 10.3.2 states:
>
> If the 301 status code is received in response to a request other
> than GET or HEAD, the user agent MUST NOT automatically redirect the
> request unless it can be confirmed by the user, since this might
> change the conditions under which the request was issued.
>
> Note: When automatically redirecting a POST request after
> receiving a 301 status code, some existing HTTP/1.0 user agents
> will erroneously change it into a GET request.
>
> Ditto 302.
>
> Note that most browsers are in violation of this specification and are
> happy to redirect you, but that is not an excuse to do this.
>
> I would propose that instead of ``response.redirect(...)`` you instead
> return the content of the object you want to redirect to. This would
> be more correct.
You then have the bad case of having the URL which the user can see in
the browser not correspond to the page being viewed. For instance, if
you posted to '/path/to/document/document_edit', the logical thing to do
is to redirect to '/path/to/document/document_view', perhaps with a URL
parameter which includes a status message; otherwise the user ends up
viewing the page in the wrong context (and can't therefore reload the
page to see other updates).
Newer versions of the spec detail using "303 See Other" for this
purpose. From RFC 2616:
10.3.4 303 See Other
The response to the request can be found under a different URI and
SHOULD be retrieved using a GET method on that resource. This method
exists primarily to allow the output of a POST-activated script to
redirect the user agent to a selected resource. The new URI is not a
substitute reference for the originally requested resource. The 303
response MUST NOT be cached, but the response to the second
(redirected) request might be cacheable.
The different URI SHOULD be given by the Location field in the
response. Unless the request method was HEAD, the entity of the
response SHOULD contain a short hypertext note with a hyperlink to
the new URI(s).
Note: Many pre-HTTP/1.1 user agents do not understand the 303
status. When interoperability with such clients is a concern, the
302 status code may be used instead, since most user agents react
to a 302 response as described here for 303.
Tres.
--
===============================================================
Tres Seaver tseaver@zope.com
Zope Corporation "Zope Dealers" http://www.zope.com