Bug 11265 - redirects from http to https fail
Summary: redirects from http to https fail
Alias: None
Product: WebKit
Classification: Unclassified
Component: Platform (show other bugs)
Version: 420+
Hardware: PC Windows XP
: P2 Major
Assignee: Darin Fisher (:fishd, Google)
Depends on:
Reported: 2006-10-12 10:48 PDT by Darin Fisher (:fishd, Google)
Modified: 2006-11-05 19:22 PST (History)
1 user (show)

See Also:

patch (5.49 KB, patch)
2006-10-12 11:50 PDT, Darin Fisher (:fishd, Google)
mjs: review+
Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Darin Fisher (:fishd, Google) 2006-10-12 10:48:20 PDT
redirects from http to https fail

we need to pass INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTPS in the flags parameter to InternetOpenUrlA.  we probably want to specify INTERNET_FLAG_IGNORE_REDIRECT_TO_HTTP as well, and do so for POST requests as well as GET requests.
Comment 1 Darin Fisher (:fishd, Google) 2006-10-12 11:50:53 PDT
Created attachment 11050 [details]

This patch helps a bunch, but there is still a failure case with redirected POST requests.  For some reason those generate an error of ERROR_HTTP_REDIRECT_NEEDS_CONFIRMATION.  I'm not sure yet how to deal with that error or how to suppress it.  I'm going to file a new bug on it.
Comment 2 Alexey Proskuryakov 2006-10-15 02:54:51 PDT
(In reply to comment #1)
> I'm not sure yet how to deal with that
> error or how to suppress it.  I'm going to file a new bug on it.

Per the HTTP standard, the UA must request confirmation from the user via a dialog box when redirecting POST requests. However, many UAs (including WebKit/Mac) transform the request into a GET, thus avoiding the need to display a dialog box.

See bug 11118 and bug 11119 for some discussion.
Comment 3 Darin Fisher (:fishd, Google) 2006-10-16 08:26:19 PDT
Right, I believe it is necessary to convert POST to GET for 302s in order to be compatible with the web.  However, I'm not sure if that is something that WinInet can be configured to do, or if it is necessary for the app to read the 302 response and issue a fresh GET request.
Comment 4 Maciej Stachowiak 2006-11-05 19:22:15 PST
Comment on attachment 11050 [details]


I'll commit this.
Comment 5 Maciej Stachowiak 2006-11-05 19:22:53 PST