Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(53)

Side by Side Diff: net/url_request/url_request.cc

Issue 8375002: Preserve non-POST methods on 301/302 requests. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Normal browsers are normal no longer (Err...or something) Created 9 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/url_request/url_request.h" 5 #include "net/url_request/url_request.h"
6 6
7 #include "base/bind.h" 7 #include "base/bind.h"
8 #include "base/callback.h" 8 #include "base/callback.h"
9 #include "base/compiler_specific.h" 9 #include "base/compiler_specific.h"
10 #include "base/memory/singleton.h" 10 #include "base/memory/singleton.h"
(...skipping 677 matching lines...) Expand 10 before | Expand all | Expand 10 after
688 } 688 }
689 689
690 if (!location.is_valid()) 690 if (!location.is_valid())
691 return ERR_INVALID_URL; 691 return ERR_INVALID_URL;
692 692
693 if (!job_->IsSafeRedirect(location)) { 693 if (!job_->IsSafeRedirect(location)) {
694 DVLOG(1) << "disallowing redirect: unsafe protocol"; 694 DVLOG(1) << "disallowing redirect: unsafe protocol";
695 return ERR_UNSAFE_REDIRECT; 695 return ERR_UNSAFE_REDIRECT;
696 } 696 }
697 697
698 bool strip_post_specific_headers = false; 698 // For 303 redirects, all request methods are converted to GETs, as per RFC
699 if (http_status_code != 307) { 699 // 2616. The latest httpbis draft also allows POST requests to be converted
700 // NOTE: Even though RFC 2616 says to preserve the request method when 700 // to GETs when following 301/302 redirects for historical reasons. Most
701 // following a 302 redirect, normal browsers don't do that. Instead, they 701 // major browsers do this and so shall we. The RFC says to prompt the user
702 // all convert a POST into a GET in response to a 302 and so shall we. For 702 // to confirm the generation of new requests, other than GET and HEAD
703 // 307 redirects, browsers preserve the method. The RFC says to prompt the 703 // requests, but IE omits these prompts and so shall we.
704 // user to confirm the generation of a new POST request, but IE omits this 704 // See: http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p2-semantics-late st.html#status.3xx
705 // prompt and so shall we. 705 bool was_post = method_ == "POST";
706 strip_post_specific_headers = method_ == "POST"; 706 if (http_status_code == 303 ||
707 ((http_status_code == 301 || http_status_code == 302) && was_post)) {
707 method_ = "GET"; 708 method_ = "GET";
708 upload_ = NULL; 709 upload_ = NULL;
710 if (was_post) {
711 // If being switched from POST to GET, must remove headers that were
712 // specific to the POST and don't have meaning in GET. For example
713 // the inclusion of a multipart Content-Type header in GET can cause
714 // problems with some servers:
715 // http://code.google.com/p/chromium/issues/detail?id=843
716 StripPostSpecificHeaders(&extra_request_headers_);
717 }
709 } 718 }
710 719
711 // Suppress the referrer if we're redirecting out of https. 720 // Suppress the referrer if we're redirecting out of https.
712 if (GURL(referrer_).SchemeIsSecure() && !location.SchemeIsSecure()) 721 if (GURL(referrer_).SchemeIsSecure() && !location.SchemeIsSecure())
713 referrer_.clear(); 722 referrer_.clear();
714 723
715 url_chain_.push_back(location); 724 url_chain_.push_back(location);
716 --redirect_limit_; 725 --redirect_limit_;
717 726
718 if (strip_post_specific_headers) {
719 // If being switched from POST to GET, must remove headers that were
720 // specific to the POST and don't have meaning in GET. For example
721 // the inclusion of a multipart Content-Type header in GET can cause
722 // problems with some servers:
723 // http://code.google.com/p/chromium/issues/detail?id=843
724 StripPostSpecificHeaders(&extra_request_headers_);
725 }
726
727 if (!final_upload_progress_) 727 if (!final_upload_progress_)
728 final_upload_progress_ = job_->GetUploadProgress(); 728 final_upload_progress_ = job_->GetUploadProgress();
729 729
730 PrepareToRestart(); 730 PrepareToRestart();
731 Start(); 731 Start();
732 return OK; 732 return OK;
733 } 733 }
734 734
735 const URLRequestContext* URLRequest::context() const { 735 const URLRequestContext* URLRequest::context() const {
736 return context_.get(); 736 return context_.get();
(...skipping 151 matching lines...) Expand 10 before | Expand all | Expand 10 after
888 888
889 void URLRequest::SetUnblockedOnDelegate() { 889 void URLRequest::SetUnblockedOnDelegate() {
890 if (!blocked_on_delegate_) 890 if (!blocked_on_delegate_)
891 return; 891 return;
892 blocked_on_delegate_ = false; 892 blocked_on_delegate_ = false;
893 load_state_param_.clear(); 893 load_state_param_.clear();
894 net_log_.EndEvent(NetLog::TYPE_URL_REQUEST_BLOCKED_ON_DELEGATE, NULL); 894 net_log_.EndEvent(NetLog::TYPE_URL_REQUEST_BLOCKED_ON_DELEGATE, NULL);
895 } 895 }
896 896
897 } // namespace net 897 } // namespace net
OLDNEW
« no previous file with comments | « net/data/url_request_unittest/redirect303-to-echo.mock-http-headers ('k') | net/url_request/url_request_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698