[wp-trac] [WordPress Trac] #17588: fsockopen performs a POST request to a redirected location
WordPress Trac
noreply at wordpress.org
Wed Jan 2 05:30:44 UTC 2013
#17588: fsockopen performs a POST request to a redirected location
--------------------------+------------------
Reporter: dd32 | Owner:
Type: defect (bug) | Status: new
Priority: normal | Milestone: 3.6
Component: HTTP | Version: 3.2
Severity: normal | Resolution:
Keywords: has-patch |
--------------------------+------------------
Comment (by rmccue):
Relevant from [http://tools.ietf.org/html/rfc2616#section-10.3.3 RFC2616
(HTTP/1.1)]:
If the 302 status code is received in response to a request other
than GET or HEAD, the user agent MUST NOT automatically redirect the
request unless it can be confirmed by the user, since this might
change the conditions under which the request was issued.
Note: RFC 1945 and RFC 2068 specify that the client is not allowed
to change the method on the redirected request. However, most
existing user agent implementations treat 302 as if it were a 303
response, performing a GET on the Location field-value regardless
of the original request method. The status codes 303 and 307 have
been added for servers that wish to make unambiguously clear which
kind of reaction is expected of the client.
I just tested with both Firefox and Chrome, and both change `POST` to
`GET` automatically (so technically, this makes them non-2616 compliant).
A 307 gives a dialog in Firefox, but not in Chrome.
What WP_HTTP should do is redirect this automatically for pragmatic
reasons and ignore the spec in this case. A 307 should ignore the
verification requirement however, as wonderboymusic noted, and there's
precedent for doing this with Chrome.
As such, the patch looks good. +1
--
Ticket URL: <http://core.trac.wordpress.org/ticket/17588#comment:7>
WordPress Trac <http://core.trac.wordpress.org/>
WordPress blogging software
More information about the wp-trac
mailing list