I completely agree. Even without getting into API clients, the intent of this option is to tell everyone that the canonical URL is not that, not to disrupt normal operations. The same can be said about the http->https redirect. There's no security problem here, as the data has already been sent in plain text; the only thing that I can think of is whether HSTS preload will support anything except 301.
I can, however, see a downside, mostly for API clients, but the people that use the APPEND_SLASH option obviously don't care about this aspect, which is that API clients generally don't cache 301s between sessions, so every request will have an extra hop, vs realising instantly that it's broken (because your POST doesn't work). However, this is something you should expect, after you set that option.

As a side note, this is the browser support for 308: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/308#Browser_compatibility - IE on Windows 7/8.1 doesn't support it.

User agent hacks are bad, but, at least as a setting that (temporarily) defaults to off, this would be a huge improvement.

On Fri, 11 Jan 2019 at 19:25, René Fleschenberg <r...@fleschenberg.net> wrote:

> I am using ``APPEND_SLASH = True`` (the default) and usually use a
> trailing slash in all of my URL patterns.
>
> This works great for the most part, but some API clients send
> POST-requests without the slash and then change the request method to
> GET on the subsequent request. In particular, a popular API testing tool
> (https://www.getpostman.com/) seems to be affected by this.
>
> I can subclass ``CommonMiddleware`` and set ``response_redirect_class``,
> no problem. However, maybe Django should just send HTTP 308 by default?
> Is there any reason not to?
>
> --
> René Fleschenberg
>
> --
> You received this message because you are subscribed to the Google Groups
> "Django developers (Contributions to Django itself)" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to django-developers+unsubscr...@googlegroups.com.
> To post to this group, send email to email@example.com.
> Visit this group at https://groups.google.com/group/django-developers.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/django-developers/1aa24da3-cd05-317a-b8c1-2a76d707b935%40fleschenberg.net
> .
> For more options, visit https://groups.google.com/d/optout.
>

--
George-Cristian Bîrzan