Re: Redirection inherits METHOD?

Henrik Frystyk Nielsen (frystyk@w3.org)
Mon, 19 Jun 1995 14:18:41 -0400

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Ari Luotonen: "I-D ACTION: draft-luotonen-http-url-byterange-00.txt"
Previous message: David Morris: "Re: Redirection inherits METHOD?"
Maybe in reply to: wmperry@spry.com: "Redirection inherits METHOD?"

 
> It seems to me that default should be to inherit the method. Then define
> an option to alter the method. (is that '303 Method'?). There should
> probably be a SAFE set of method changes which the UA could simply
> perform (POST -> (GET | HEAD) and others which would require the 
> end user to approve (* -> DELETE) some or all of the time. Even 
> inheriting the METHOD might require approval on some re-directs.

In my opinion any change in the conditions for a non-idempotent method
should be advertised to the user, including redirections.

> Alternatively, the server(s) which did the redirect might be
> identified to the server receiving the redirected request.. I'm
> beginning to sense some real security nightmares best left to the
> next version of the standard for carefully thoughout specification.

That's why I think that it actually is easier to have a separate 
status code for when the method has changed. Then (old) clients will
not accidently do the wrong thing.

--

Henrik Frystyk                                          frystyk@W3.org
World-Wide Web Consortium,                              Tel + 1 617 258 8143
MIT/LCS, NE43-356					Fax + 1 617 258 8682
77 Massachusetts Avenue
Cambridge MA 02154, USA

Next message: Ari Luotonen: "I-D ACTION: draft-luotonen-http-url-byterange-00.txt"
Previous message: David Morris: "Re: Redirection inherits METHOD?"
Maybe in reply to: wmperry@spry.com: "Redirection inherits METHOD?"