[Zope3-dev] Redirects

[Tres Seaver]

On Sat, 2003-01-25 at 18:57, Adrian van den Dries wrote:
> I just want to raise a small niggle I have about an idiom I always see
> in Zope development (and in web development in general) -- redirects
> after POSTs.
> 
> RFC 2068, section 10.3.2 states:
> 
>   If the 301 status code is received in response to a request other
>   than GET or HEAD, the user agent MUST NOT automatically redirect the
>   request unless it can be confirmed by the user, since this might
>   change the conditions under which the request was issued.
> 
>     Note: When automatically redirecting a POST request after
>     receiving a 301 status code, some existing HTTP/1.0 user agents
>     will erroneously change it into a GET request.
> 
> Ditto 302.
> 
> Note that most browsers are in violation of this specification and are
> happy to redirect you, but that is not an excuse to do this.
> 
> I would propose that instead of ``response.redirect(...)`` you instead
> return the content of the object you want to redirect to.  This would
> be more correct.

You then have the bad case of having the URL which the user can see in
the browser not correspond to the page being viewed.  For instance, if
you posted to '/path/to/document/document_edit', the logical thing to do
is to redirect to '/path/to/document/document_view', perhaps with a URL
parameter which includes a status message;  otherwise the user ends up
viewing the page in the wrong context (and can't therefore reload the
page to see other updates).

Newer versions of the spec detail using "303  See Other" for this
purpose.  From RFC 2616:

  10.3.4 303 See Other

   The response to the request can be found under a different URI and
   SHOULD be retrieved using a GET method on that resource. This method
   exists primarily to allow the output of a POST-activated script to
   redirect the user agent to a selected resource. The new URI is not a
   substitute reference for the originally requested resource. The 303
   response MUST NOT be cached, but the response to the second
   (redirected) request might be cacheable.

   The different URI SHOULD be given by the Location field in the
   response. Unless the request method was HEAD, the entity of the
   response SHOULD contain a short hypertext note with a hyperlink to
   the new URI(s).

      Note: Many pre-HTTP/1.1 user agents do not understand the 303
      status. When interoperability with such clients is a concern, the
      302 status code may be used instead, since most user agents react
      to a 302 response as described here for 303.


Tres.
-- 
===============================================================
Tres Seaver                                tseaver@zope.com
Zope Corporation      "Zope Dealers"       http://www.zope.com