#32263 [Opn->Asn]: Location sets 302 on HTTP/1.1+POST, should be 303

Sat, 12 Mar 2005 10:03:05 -0800 

 ID:               32263
 Updated by:       [EMAIL PROTECTED]
 Reported By:      pornel at despammed dot com
-Status:           Open
+Status:           Assigned
 Bug Type:         HTTP related
 Operating System: win
 PHP Version:      5.0.2/cgi, 4.3.3/mod tested
-Assigned To:      
+Assigned To:      rasmus
 New Comment:

I think most clients actually treat a 302 like a 303 in that case.  But
yes, this should be fixed.  Unfortunately we don't have a clean way of
doing this without adding the proto_num to the request_info struct. 
Changing that struct would be a bad idea for PHP4 at this point.  I'll
look into doing it for PHP 5.1.
As a workaround, just do:
header("Location: /foo",true,303);



Previous Comments:
------------------------------------------------------------------------

[2005-03-12 16:28:36] pornel at despammed dot com

<?php
header("Location: http://example.com";);
?>

HTTP dialog:

POST /test.php5 HTTP/1.1
Host: localhost
Content-Length: 0

HTTP/1.1 302
Date: Sat, 12 Mar 2005 15:28:40 GMT
Server: Apache/1.3.27 (Win32) PHP/4.3.3
X-Powered-By: PHP/5.0.2
Location: http://example.com
Transfer-Encoding: chunked
Content-Type: text/html

0



POST /test.php HTTP/1.1
Host: localhost
Content-Length: 0

HTTP/1.1 302 Found
Date: Sat, 12 Mar 2005 15:26:03 GMT
Server: Apache/1.3.27 (Win32) PHP/4.3.3
X-Powered-By: PHP/4.3.3
Cache-Control: no-cache
Location: http://example.com
Transfer-Encoding: chunked
Content-Type: text/html

0

------------------------------------------------------------------------

[2005-03-12 14:44:51] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
an URL to it here. Try to avoid embedding huge scripts into the report.



------------------------------------------------------------------------

[2005-03-10 14:21:20] pornel at despammed dot com

Description:
------------
HTTP/1.1 user-agents should be redirected after POST request using 303
status.

According to RFC2616 user-agents MUST NOT redirect POST on 302 status
(unless confirmed by the user, AFAIK only Lynx does that), so 302 is
not the best choice in this situation.

In short: if (HTTP/1.1 && POST) default_redirect_status=303.





------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=32263&edit=1

Reply via email to