Review Request 115651: Fix HTTP redirection handling (3XX status code)

Andrea Iacovitti aiacovitti at libero.it
Wed Feb 12 17:10:49 GMT 2014


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://git.reviewboard.kde.org/r/115651/#review49669
-----------------------------------------------------------


As stated in the bug report it is also true that every other browsers rewrite POST method to GET when following 301/302 redirections. This behavior could also be verified in curl by issuing the following commands:
curl -L --data "fakepostdata" http://greenbytes.de/tech/tc/httpredirects/redirect_with_status.cgi?301
curl -L --data "fakepostdata" http://greenbytes.de/tech/tc/httpredirects/redirect_with_status.cgi?302
We could/should do the same for compatibility.
In that case the snippet of code that handles 301-303 http status codes may assume this form:

        } else if (m_request.responseCode >= 301 && m_request.responseCode<= 303) {
            // NOTE: This is wrong according to RFC 2616 (section 10.3.[2-4,8]).
            // However, because almost all client implementations treat a 301/302
            // response as a 303 response in violation of the spec, many servers
            // have simply adapted to this way of doing things! Thus, we are
            // forced to do the same thing. Otherwise, we loose compatibility and
            // might not be able to correctly retrieve sites that redirect.
            if (m_request.responseCode == 301) { // Moved permanently
                setMetaData(QLatin1String("permanent-redirect"), QLatin1String("true"));
                if (m_request.method == HTTP_POST) {
                    m_request.method = HTTP_GET; // FORCE a GET
                    setMetaData(QLatin1String("redirect-to-get"), QLatin1String("true"));
                }
            } else if (m_request.responseCode == 302) { // Moved temporarily
                if (m_request.method == HTTP_POST) {
                    m_request.method = HTTP_GET; // FORCE a GET
                    setMetaData(QLatin1String("redirect-to-get"), QLatin1String("true"));
                }
            } else { // 303 See Other
                if (m_request.method != HTTP_HEAD) {
                    m_request.method = HTTP_GET; // FORCE a GET
                    setMetaData(QLatin1String("redirect-to-get"), QLatin1String("true"));
                }
            }
        }

...or something like that.

- Andrea Iacovitti


On Feb. 11, 2014, 10:28 a.m., Dawit Alemayehu wrote:
> 
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://git.reviewboard.kde.org/r/115651/
> -----------------------------------------------------------
> 
> (Updated Feb. 11, 2014, 10:28 a.m.)
> 
> 
> Review request for kdelibs, Andreas Hartmetz and David Faure.
> 
> 
> Bugs: 330795
>     http://bugs.kde.org/show_bug.cgi?id=330795
> 
> 
> Repository: kdelibs
> 
> 
> Description
> -------
> 
> The attached patch fixes how we handle HTTP redirection. Currently KIO does not correctly handle a "303 See Other" response. Instead of converting the redirection request to a GET operation as specified in the RFC, KIO simply repeats the same operation with the redirect URL. Additionally, KIO does not handle redirection of a delete operation that is handled internally.
> 
> 
> Diffs
> -----
> 
>   kio/DESIGN.metadata 1351119 
>   kio/kio/accessmanager.cpp 7a806e8 
>   kio/kio/job.cpp 13107c2 
>   kioslave/http/http.cpp b13eed1 
> 
> Diff: https://git.reviewboard.kde.org/r/115651/diff/
> 
> 
> Testing
> -------
> 
> Run tests at
> 
> http://greenbytes.de/tech/tc/httpredirects/t301methods.html
> http://greenbytes.de/tech/tc/httpredirects/t302methods.html
> http://greenbytes.de/tech/tc/httpredirects/t303methods.html
> 
> 
> Thanks,
> 
> Dawit Alemayehu
> 
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.kde.org/pipermail/kde-core-devel/attachments/20140212/221f2396/attachment.htm>


More information about the kde-core-devel mailing list