hc-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleg Kalnichevski (JIRA)" <j...@apache.org>
Subject [jira] Resolved: (HTTPCLIENT-860) DefaultRequestDirector converts redirects of PUT/POST to GET for status codes 301, 302, 307
Date Tue, 14 Jul 2009 20:17:14 GMT

     [ https://issues.apache.org/jira/browse/HTTPCLIENT-860?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel

Oleg Kalnichevski resolved HTTPCLIENT-860.

    Resolution: Fixed

As I said I cannot make everyone happy. It is just not possible to make any API changes at
this point. I wish more people reviewed the API while HttpClient 4.0 was still in ALPHA.

Patch checked in.


> DefaultRequestDirector converts redirects of PUT/POST to GET for status codes 301, 302,
> -------------------------------------------------------------------------------------------
>                 Key: HTTPCLIENT-860
>                 URL: https://issues.apache.org/jira/browse/HTTPCLIENT-860
>             Project: HttpComponents HttpClient
>          Issue Type: Bug
>          Components: HttpClient
>    Affects Versions: 4.0 Beta 2
>            Reporter: Ben Perkins
>             Fix For: 4.0 Final
>         Attachments: HTTPCLIENT-860.patch
> The DefaultRequestDirector treats redirect requests created by all redirect status codes
HttpStatus.SC_TEMPORARY_REDIRECT) the same, converting PUT/POST methods to GET.  The HttpClient
Tutorial even documents this as being in accordance with the specification, but I don't believe
that's true.
> Per the RFC (http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html), conversion of PUT/POST
to GET is appropriate only for 303 (See Other).  The others do not suggest this behavior.
 In fact, the following notes attached to them call it out as incorrect.
> 301 (Moved Permanently) has this note:
>       Note: When automatically redirecting a POST request after
>       receiving a 301 status code, some existing HTTP/1.0 user agents
>       will erroneously change it into a GET request.
> And 302 (Found) say this:
>       Note: RFC 1945 and RFC 2068 specify that the client is not allowed
>       to change the method on the redirected request.  However, most
>       existing user agent implementations treat 302 as if it were a 303
>       response, performing a GET on the Location field-value regardless
>       of the original request method. The status codes 303 and 307 have
>       been added for servers that wish to make unambiguously clear which
>       kind of reaction is expected of the client.
> The currently implemented behavior is causing problems with interacting with Central
Authentication Service protected resources, among other things.

This message is automatically generated by JIRA.
You can reply to this email to add a comment to the issue online.

To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org

View raw message