Closed Bug 737465 Opened 13 years ago Closed 9 years ago

Include redirection count in request headers to help redirect loop detection

Categories

(Core :: Networking: HTTP, enhancement)

Product:
Core
Component:
Networking: HTTP
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX

People

(Reporter: gtisza, Unassigned)

Details

Server bugs resulting in infinite redirect loops can be hard for the maintainer of the server to detect: since the redirect happens as soon as the response headers are received, Javascript etc. is not available, and the server can only use cookies (and sessions) to keep track of redirects. Cookies are shared between browser tabs and windows, so if the user has many tabs and/or the tabs issue lots of AJAX requests, a cookie- or session-based redirect counter could behave in unpredictable ways. A simple solution to this problem is to send the redirect count as a HTTP header: - if the HTTP request sent by the browser is a follow-up to a HTTP 30x response, the redirect count is one plus the redirect count of the request belonging to that response; - otherwise the redirect count is zero; - if the redirect count is non-zero, include an "X-Redirect-Count: <redirect count>" header in the request. That way, the server could detect if the redirect count goes e.g. over 10, and log an error. Right now, this kind of error usually goes unnoticed. Another possible solution would be to implement an auto-notification scheme, something like Content Security Policy violation reports.
would want to see a standard here..
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.