190630 - Unconfirmed redirect after POST in violation of RFC

Status: RESOLVED WONTFIX

(Core :: Networking: HTTP, defect)

Description

[Adrian van den Dries]

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.2.1) Gecko/20021130

RFC 2068 section 10.3.2 states

   If the 301 status code is received in response to a request other
   than GET or HEAD, the user agent MUST NOT automatically redirect the
   request unless it can be confirmed by the user, since this might
   change the conditions under which the request was issued.

Ditto 10.3.3 (302 Moved Temporarily)

Mozilla is in violation of this requirement: it is happy to redirect (with a GET).

The RFC notes:

     Note: When automatically redirecting a POST request after receiving
     a 301 status code, some existing HTTP/1.0 user agents will
     erroneously change it into a GET request.

Mozilla is in this category.

Reproducible: Always

Steps to Reproduce:

Comment 1

[Boris Zbarsky [:bzbarsky]]

confirming.  Darin, is there a reason we just redirect silently?  (I seem to
recall this coming up before but can't find the relevant bug...)

Comment 2

[Darin Fisher]

we do this to remain consistent with other popular browsers such as NN4x and IE.
 changing our behavior here would just cause mozilla to work incorrectly with a
huge number of websites.

marking WONTFIX

bug 48202 is about implementing 303 and 307 correctly per RFC 2616 (note: RFC
2068 is superceded by RFC 2616).

Comment 3

[Bernhard]

Maybe there should be an option to make Mozilla behave correctly? It's frustrating to read standard and then see that they don't work, even with Firefox. Would this really break compatibility with existing Web sites and why? I think, the most redirection targets should accept POST as well as GET.