Review Request 115651: Fix HTTP redirection handling (3XX status code)
Andrea Iacovitti
aiacovitti at libero.it
Wed Feb 12 17:10:49 GMT 2014
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/115651/#review49669
-----------------------------------------------------------
As stated in the bug report it is also true that every other browsers rewrite POST method to GET when following 301/302 redirections. This behavior could also be verified in curl by issuing the following commands:
curl -L --data "fakepostdata" http://greenbytes.de/tech/tc/httpredirects/redirect_with_status.cgi?301
curl -L --data "fakepostdata" http://greenbytes.de/tech/tc/httpredirects/redirect_with_status.cgi?302
We could/should do the same for compatibility.
In that case the snippet of code that handles 301-303 http status codes may assume this form:
} else if (m_request.responseCode >= 301 && m_request.responseCode<= 303) {
// NOTE: This is wrong according to RFC 2616 (section 10.3.[2-4,8]).
// However, because almost all client implementations treat a 301/302
// response as a 303 response in violation of the spec, many servers
// have simply adapted to this way of doing things! Thus, we are
// forced to do the same thing. Otherwise, we loose compatibility and
// might not be able to correctly retrieve sites that redirect.
if (m_request.responseCode == 301) { // Moved permanently
setMetaData(QLatin1String("permanent-redirect"), QLatin1String("true"));
if (m_request.method == HTTP_POST) {
m_request.method = HTTP_GET; // FORCE a GET
setMetaData(QLatin1String("redirect-to-get"), QLatin1String("true"));
}
} else if (m_request.responseCode == 302) { // Moved temporarily
if (m_request.method == HTTP_POST) {
m_request.method = HTTP_GET; // FORCE a GET
setMetaData(QLatin1String("redirect-to-get"), QLatin1String("true"));
}
} else { // 303 See Other
if (m_request.method != HTTP_HEAD) {
m_request.method = HTTP_GET; // FORCE a GET
setMetaData(QLatin1String("redirect-to-get"), QLatin1String("true"));
}
}
}
...or something like that.
- Andrea Iacovitti
On Feb. 11, 2014, 10:28 a.m., Dawit Alemayehu wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/115651/
> -----------------------------------------------------------
>
> (Updated Feb. 11, 2014, 10:28 a.m.)
>
>
> Review request for kdelibs, Andreas Hartmetz and David Faure.
>
>
> Bugs: 330795
> http://bugs.kde.org/show_bug.cgi?id=330795
>
>
> Repository: kdelibs
>
>
> Description
> -------
>
> The attached patch fixes how we handle HTTP redirection. Currently KIO does not correctly handle a "303 See Other" response. Instead of converting the redirection request to a GET operation as specified in the RFC, KIO simply repeats the same operation with the redirect URL. Additionally, KIO does not handle redirection of a delete operation that is handled internally.
>
>
> Diffs
> -----
>
> kio/DESIGN.metadata 1351119
> kio/kio/accessmanager.cpp 7a806e8
> kio/kio/job.cpp 13107c2
> kioslave/http/http.cpp b13eed1
>
> Diff: https://git.reviewboard.kde.org/r/115651/diff/
>
>
> Testing
> -------
>
> Run tests at
>
> http://greenbytes.de/tech/tc/httpredirects/t301methods.html
> http://greenbytes.de/tech/tc/httpredirects/t302methods.html
> http://greenbytes.de/tech/tc/httpredirects/t303methods.html
>
>
> Thanks,
>
> Dawit Alemayehu
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20140212/221f2396/attachment.htm>
More information about the kde-core-devel
mailing list