Summary: | Some HTTP redirects that are required to force user interaction, do not | ||
---|---|---|---|
Product: | WebKit | Reporter: | Mark Rowe (bdash) <mrowe> |
Component: | Page Loading | Assignee: | Nobody <webkit-unassigned> |
Status: | RESOLVED INVALID | ||
Severity: | Normal | CC: | ahanakothari1991, annevk, ap, grahamperrin, mnot |
Priority: | P2 | ||
Version: | 420+ | ||
Hardware: | Mac | ||
OS: | OS X 10.4 | ||
URL: | http://www.mnot.net/javascript/xmlhttprequest/#301GET |
Description
Mark Rowe (bdash)
2006-10-02 04:53:32 PDT
As long as we change the method to GET (bug 11118), we do not need to ask for confirmation AFAICT. Also, I am not sure if I understand what the XMLHttpRequest spec says on the subject: ---------------------------------- If the response is an HTTP redirect (status code 301, 302, 303 or 307), then it must be transparently followed (unless it violates security, infinite loop precautions or the scheme isn't supported). Note that HTTP ([RFC2616]) places requirements on user agents regarding the preservation of the request method during redirects, and also requires users to be notified of certain kinds of automatic redirections. ---------------------------------- The MUST requirement is to follow redirects transparently, and the note might mean that XHR requests do not fully obey RFC2616 (which seems to be the case anyway, according to <http://lists.w3.org/Archives/Public/public-webapi/2006Sep/0002.html>). Or maybe the MUST part refers to the fact that redirection appears transparent to the XMLHttpRequest object, not to the user? FWIW, this requirement is nonsense, since we don't prompt the user for a non-redirected POST either. I recommend implementing the required semantics, but not do any prompting. That's what other user agents implement. |