What is the correct behavior expected of an HTTP POST => 302 redirect to GET?


Question

What is the correct behavior expected of a POST => 302 redirect to GET?

In Chrome (and likely most every browser), after I POST (to a resource that wants me to redirect) and I receive a 302 redirect, the browser automatically issues a GET on the 302 location. This is even a well-known pattern. But the way I read the spec, it seems to suggest this should not happen.

The HTTP spec says:

If the 302 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.

And Fiddler is showing:

REQUEST 1: POST URLA
RESPONSE 1: 302 redirect to URLB
REQUEST 2: GET URLB

The section above seems to say that the browser should not make the GET request? What am I missing?

  1. Something earlier in the spec that makes this section irrelevant
  2. My understanding of automatically redirect is wrong (and the Chrome browser that did the GET wasn't really automatically redirecting)
  3. My understanding of confirmed this as a user
  4. Something else?


Recommended answer

The next line in the spec begins:

Note: RFC 1945 and RFC 2068 specify that the client is not allowed to change the method on the redirected request. However, most existing user agent implementations treat 302 as if it were a 303 response, performing a GET on the Location field-value regardless of the original request method. The status codes 303 and 307 have been added for servers that wish to make unambiguously clear which kind of reaction is expected of the client.

And immediately after that, it explains how a 303 should be handled, and it's exactly what you're seeing.

If you're asking why servers are still using 302 instead of 307, which all current browsers will handle correctly, it's because old browsers won't handle it. If you're wondering why browsers handle 302 as 303, it's because old servers expect it. There's really no way out of that loop, and it would probably be better for HTTP to just revert 302 to mean what it used to mean, and deprecate it (for non-GET/HEAD) in favor of 307.
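
The method choice discussed in the question and answer above, modelled as an added example (not part of the original post; it makes no network requests). The route table, the function names and the `de_facto` / `confirmed` flags are assumptions made for illustration, and the 307 branch reflects that 307 keeps the original method and body.

```python
# Added example: models the client-side decision only; no network traffic.
# ROUTES is a constructed stand-in for a server: (method, path) -> (status, Location).
ROUTES = {
    ("POST", "/urla-302"): (302, "/urlb"),
    ("POST", "/urla-303"): (303, "/urlb"),
    ("POST", "/urla-307"): (307, "/urlb"),
    ("GET", "/urlb"): (200, None),
    ("POST", "/urlb"): (200, None),
}
SAFE = ("GET", "HEAD")


class ConfirmationRequired(Exception):
    """The spec text forbids following this redirect without asking the user."""


def next_request(method, body, status, de_facto=True, confirmed=False):
    """Return (method, body) for the request that follows a redirect."""
    if method in SAFE:
        return method, None                      # GET/HEAD are re-sent unchanged
    if status == 303 or (status == 302 and de_facto):
        return "GET", None                       # method rewritten, body dropped
    if status in (302, 307):
        # 302 as written in the spec, and 307: the method must not change
        if not de_facto and not confirmed:
            raise ConfirmationRequired(f"{status} after {method}")
        return method, body
    raise ValueError(f"status {status} not modelled")


def trace(method, path, body=None, max_hops=5, **policy):
    """Follow redirects through ROUTES; return the requests a proxy would log."""
    log = []
    for _ in range(max_hops):
        log.append(f"{method} {path}")
        status, location = ROUTES[(method, path)]
        if location is None:
            return log
        method, body = next_request(method, body, status, **policy)
        path = location
    raise RuntimeError("too many redirects")


if __name__ == "__main__":
    for start in ("/urla-302", "/urla-303", "/urla-307"):
        print(start, "->", trace("POST", start, body=b"a=1"))
```

With the default policy the 302 case reproduces the Fiddler trace from the question (POST URLA, then GET URLB), while `de_facto=False` applies the quoted spec text and refuses to follow until the redirect is confirmed.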
