Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(317)

Unified Diff: net/url_request/url_request.cc

Issue 8375002: Preserve non-POST methods on 301/302 requests. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Normal browsers are normal no longer (Err...or something) Created 9 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
Index: net/url_request/url_request.cc
===================================================================
--- net/url_request/url_request.cc (revision 106917)
+++ net/url_request/url_request.cc (working copy)
@@ -695,17 +695,26 @@
return ERR_UNSAFE_REDIRECT;
}
- bool strip_post_specific_headers = false;
- if (http_status_code != 307) {
- // NOTE: Even though RFC 2616 says to preserve the request method when
- // following a 302 redirect, normal browsers don't do that. Instead, they
- // all convert a POST into a GET in response to a 302 and so shall we. For
- // 307 redirects, browsers preserve the method. The RFC says to prompt the
- // user to confirm the generation of a new POST request, but IE omits this
- // prompt and so shall we.
- strip_post_specific_headers = method_ == "POST";
+ // For 303 redirects, all request methods are converted to GETs, as per RFC
+ // 2616. The latest httpbis draft also allows POST requests to be converted
+ // to GETs when following 301/302 redirects for historical reasons. Most
+ // major browsers do this and so shall we. The RFC says to prompt the user
+ // to confirm the generation of new requests, other than GET and HEAD
+ // requests, but IE omits these prompts and so shall we.
+ // See: http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p2-semantics-latest.html#status.3xx
+ bool was_post = method_ == "POST";
+ if (http_status_code == 303 ||
+ ((http_status_code == 301 || http_status_code == 302) && was_post)) {
method_ = "GET";
upload_ = NULL;
+ if (was_post) {
+ // If being switched from POST to GET, must remove headers that were
+ // specific to the POST and don't have meaning in GET. For example
+ // the inclusion of a multipart Content-Type header in GET can cause
+ // problems with some servers:
+ // http://code.google.com/p/chromium/issues/detail?id=843
+ StripPostSpecificHeaders(&extra_request_headers_);
+ }
}
// Suppress the referrer if we're redirecting out of https.
@@ -715,15 +724,6 @@
url_chain_.push_back(location);
--redirect_limit_;
- if (strip_post_specific_headers) {
- // If being switched from POST to GET, must remove headers that were
- // specific to the POST and don't have meaning in GET. For example
- // the inclusion of a multipart Content-Type header in GET can cause
- // problems with some servers:
- // http://code.google.com/p/chromium/issues/detail?id=843
- StripPostSpecificHeaders(&extra_request_headers_);
- }
-
if (!final_upload_progress_)
final_upload_progress_ = job_->GetUploadProgress();
« no previous file with comments | « net/data/url_request_unittest/redirect303-to-echo.mock-http-headers ('k') | net/url_request/url_request_unittest.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698