New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Misleading option --post303 #2723

Closed
vfaronov opened this Issue Jul 9, 2018 · 3 comments

Comments

Projects
None yet
2 participants
@vfaronov

vfaronov commented Jul 9, 2018

The documentation for the --post303 option says:

respect RFC 7231/6.4.4 and not convert POST requests into GET requests when following a 303 redirection. The non-RFC behaviour is ubiquitous in web browsers

But RFC 7231 Section 6.4.4 actually says:

[...] intended to provide an indirect response to the original request. A user agent can perform a retrieval request targeting that URI (a GET or HEAD request if using HTTP) [...]

The user agent is not supposed to blindly resubmit the original request to the new URI, which is the whole point of distinguishing 303 from 302. So browsers get this just right.

I guess the option could be useful for some applications that get this wrong, but its description is misleading.

@bagder bagder added the documentation label Jul 9, 2018

@bagder

This comment has been minimized.

Show comment
Hide comment
@bagder

bagder Jul 9, 2018

Member

Agreed, that text is a copy and paste from the other --post30X options and incorrect.

Member

bagder commented Jul 9, 2018

Agreed, that text is a copy and paste from the other --post30X options and incorrect.

bagder added a commit that referenced this issue Jul 9, 2018

post303.d: clarify that this is an RFC violation
... and not the other way around, which this previously said.

Reported-by: Vasiliy Faronov
Fixes #2723
@bagder

This comment has been minimized.

Show comment
Hide comment
@bagder

bagder Jul 9, 2018

Member

@vfaronov do you think #2726 fixes it good enough?

Member

bagder commented Jul 9, 2018

@vfaronov do you think #2726 fixes it good enough?

@vfaronov

This comment has been minimized.

Show comment
Hide comment
@vfaronov

vfaronov Jul 10, 2018

Yes, looks fine.

vfaronov commented Jul 10, 2018

Yes, looks fine.

@bagder bagder closed this in 522236f Jul 10, 2018

falconindy added a commit to falconindy/curl that referenced this issue Sep 10, 2018

post303.d: clarify that this is an RFC violation
... and not the other way around, which this previously said.

Reported-by: Vasiliy Faronov
Fixes curl#2723
Closes curl#2726

@lock lock bot locked as resolved and limited conversation to collaborators Oct 8, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.