net/http: 302 redirect of DELETE to GET isn't RFC compliant #41377
What version of Go are you using (
The text was updated successfully, but these errors were encountered:
Thank you for filing this issue @ncw!
So back in 2016, I implemented this change (on a fun working weekend collaboration with @bradfitz) and the basis for that unconditional change of DELETE->GET was an advisory from Microsoft on how Internet Explorer and other implementations changed the game despite being non-RFC complaint, and here is what guided us https://docs.microsoft.com/en-us/archive/blogs/ieinternals/http-methods-and-redirect-status-codes
and RFC 2616 does talk about the UNCONDITIONAL->GET caveat as per https://tools.ietf.org/html/rfc2616#section-10.3.3
and for posterity here is our guiding research that led us down that road https://docs.google.com/document/d/1LnWicNarwSdVWQ5RcgUOdHEGVcdR--Lravn6G0Hkg6c/
Suggestions to fix
This case clearly lands on the caveat of a modern server not handling the raised caveat, but in the 4+ years since, no one had reported this problem. Thus:
Thanks for the history of this change :-)
My first instinct was to create a bug report for onedrive asking for them to change the redirect to 307. However on reading the RFC I decided that I didn't really have a strong case - they would surely say that the Go http client is behaving strangely.
What do you think?
Note that the RFC you referenced 2616 is obsoleted by the one I referenced 7231 and 7231 doesn't contain the wording here from 2616 as far as I can see
I don't think that will be a good solution in this case. The server responds to GET requests just fine, however it returns a very unexpected error.
I think you can do that with