
List:       httpclient-commons-dev
Subject:    [jira] [Commented] (HTTPCLIENT-1716) DefaultRedirectStrategy seems to disregard HTTP spec for PUT/PO
From:       "Dariusz Kordonski (JIRA)" <jira () apache ! org>
Date:       2016-01-28 11:49:39
Message-ID: JIRA.12934680.1453955404000.236178.1453981779913 () Atlassian ! JIRA


    [ https://issues.apache.org/jira/browse/HTTPCLIENT-1716?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15121266#comment-15121266 ]

Dariusz Kordonski commented on HTTPCLIENT-1716:
-----------------------------------------------

Hi Oleg,

thanks for pointing that out, I wasn't aware of the new revision of HTTP 1.1, I was
basing my comments on the outdated docs and what I read on the web. I guess in such
a case it's definitely not a bug, although my reading of

{quote}
Automatic redirection needs to done with care for methods not known to be safe, as
defined in Section 4.2.1, since the user might not wish to redirect an unsafe
request.
{quote}

is that idempotent methods are not necessarily always OK to automatically redirect
(as opposed to safe methods, to which PUT does not belong as per 4.2.1).

However I don't have much expertise in interpreting specifications and I raised this
issue with the "traditional" interpretation of 3xx restrictions in mind, so feel free
to close it (with the hope that the docs of {{DefaultRedirectStrategy}} will be
updated at some point).

Best regards,
Dariusz Kordonski

> DefaultRedirectStrategy seems to disregard HTTP spec for PUT/POST/DELETE request redirects
> ------------------------------------------------------------------------------------------
>  
> Key: HTTPCLIENT-1716
> URL: https://issues.apache.org/jira/browse/HTTPCLIENT-1716
> Project: HttpComponents HttpClient
> Issue Type: Bug
> Components: HttpClient
> Affects Versions: 5.0 Alpha1
> Reporter: Dariusz Kordonski
> 
> Observed on {{trunk}} branch that has 5.0-alpha2-SNAPSHOT mvn version.
> The docs for {{DefaultRedirectStrategy}} correctly state:
> {quote}
> This strategy honors the restrictions on automatic redirection of entity enclosing
> methods such as POST and PUT imposed by the HTTP specification. \{@code 302 Moved
> Temporarily\}, \{@code 301 Moved Permanently\} and \{@code 307 Temporary Redirect\}
> status codes will result in an automatic redirect of HEAD and GET methods only.
> POST and PUT methods will not be automatically redirected as requiring user
> confirmation.
> {quote}
> (NB: in fact to be more precise I think DELETE requests should also be *not*
> automatically redirected)
> However the actual implementation does not seem to follow
> this, whereby {{isRedirected}} pretty much lets all requests through:
> {code}
> switch (statusCode) {
>     case HttpStatus.SC_MOVED_PERMANENTLY:
>     case HttpStatus.SC_MOVED_TEMPORARILY:
>     case HttpStatus.SC_SEE_OTHER:
>     case HttpStatus.SC_TEMPORARY_REDIRECT:
>         return true;
>     default:
>         return false;
> }
> {code}
> A simple failing test case that confirms the problem for a PUT request resulting
> with 302 (PUT should only be redirected automatically for 303):
> {code}
> @Test
> public void testIsRedirectedForTemporaryRedirectPut() throws Exception {
>     final DefaultRedirectStrategy redirectStrategy = new DefaultRedirectStrategy();
>     final HttpResponse response = new BasicHttpResponse(HttpVersion.HTTP_1_1,
>             HttpStatus.SC_TEMPORARY_REDIRECT, "Temporary Redirect");
>     response.addHeader("Location", "http://localhost/stuff");
>     final HttpContext context = new BasicHttpContext();
>     assertFalse(redirectStrategy.isRedirected(new HttpPut("http://localhost/"),
>             response, context));
> }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@hc.apache.org
For additional commands, e-mail: dev-help@hc.apache.org
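
Added example, not part of the original message and not HttpClient code: a standalone Java sketch that compares the method-blind switch quoted in the issue with the "traditional" method-aware policy the reporter expected, and lists the method/status pairs where they disagree. The class and method names are hypothetical, and treating 303 as followed for every method is an assumption extended from the issue's statement about PUT.

```java
import java.util.List;
import java.util.Set;

// Added illustration; names are hypothetical. No HttpClient types are used,
// so the class compiles and runs on its own (Java 9 or later).
public class RedirectPolicyDemo {

    // Methods the quoted Javadoc allows to follow 301/302/307 automatically.
    private static final Set<String> AUTO_REDIRECT_METHODS = Set.of("GET", "HEAD");

    // Mirrors the switch quoted in the issue: the request method is ignored.
    static boolean permissive(String method, int status) {
        switch (status) {
            case 301: case 302: case 303: case 307:
                return true;
            default:
                return false;
        }
    }

    // The "traditional" reading from the issue: 301/302/307 are followed
    // automatically only for GET and HEAD. 303 is followed for PUT per the
    // issue; extending that to every method is this sketch's assumption.
    static boolean traditional(String method, int status) {
        switch (status) {
            case 303:
                return true;
            case 301: case 302: case 307:
                return AUTO_REDIRECT_METHODS.contains(method);
            default:
                return false;
        }
    }

    public static void main(String[] args) {
        List<String> methods = List.of("GET", "HEAD", "POST", "PUT", "DELETE");
        int[] statuses = {301, 302, 303, 307};
        for (String m : methods) {
            for (int s : statuses) {
                boolean p = permissive(m, s);
                boolean t = traditional(m, s);
                // Report only the combinations where the two policies disagree,
                // i.e. where an unsafe request would be re-sent without confirmation.
                if (p != t) {
                    System.out.printf("%-6s %d: quoted switch=%b, traditional=%b%n", m, s, p, t);
                }
            }
        }
    }
}
```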

