#32263 [Asn->Csd]: Location sets 302 on HTTP/1.1+POST, should be 303

Tue, 12 Apr 2005 16:05:16 -0700 

 ID:               32263
 Updated by:       [EMAIL PROTECTED]
 Reported By:      pornel at despammed dot com
-Status:           Assigned
+Status:           Closed
 Bug Type:         HTTP related
 Operating System: win
 PHP Version:      5.0.2/cgi, 4.3.3/mod tested
 Assigned To:      rasmus
 New Comment:

This is fixed correctly CVS HEAD now.  We still may hack something
based on SERVER_PROTOCOL into 4.3/5.0.


Previous Comments:
------------------------------------------------------------------------

[2005-03-12 19:02:49] [EMAIL PROTECTED]

I think most clients actually treat a 302 like a 303 in that case.  But
yes, this should be fixed.  Unfortunately we don't have a clean way of
doing this without adding the proto_num to the request_info struct. 
Changing that struct would be a bad idea for PHP4 at this point.  I'll
look into doing it for PHP 5.1.
As a workaround, just do:
header("Location: /foo",true,303);


------------------------------------------------------------------------

[2005-03-12 16:28:36] pornel at despammed dot com

<?php
header("Location: http://example.com";);
?>

HTTP dialog:

POST /test.php5 HTTP/1.1
Host: localhost
Content-Length: 0

HTTP/1.1 302
Date: Sat, 12 Mar 2005 15:28:40 GMT
Server: Apache/1.3.27 (Win32) PHP/4.3.3
X-Powered-By: PHP/5.0.2
Location: http://example.com
Transfer-Encoding: chunked
Content-Type: text/html

0



POST /test.php HTTP/1.1
Host: localhost
Content-Length: 0

HTTP/1.1 302 Found
Date: Sat, 12 Mar 2005 15:26:03 GMT
Server: Apache/1.3.27 (Win32) PHP/4.3.3
X-Powered-By: PHP/4.3.3
Cache-Control: no-cache
Location: http://example.com
Transfer-Encoding: chunked
Content-Type: text/html

0

------------------------------------------------------------------------

[2005-03-12 14:44:51] [EMAIL PROTECTED]

Thank you for this bug report. To properly diagnose the problem, we
need a short but complete example script to be able to reproduce
this bug ourselves. 

A proper reproducing script starts with <?php and ends with ?>,
is max. 10-20 lines long and does not require any external 
resources such as databases, etc.

If possible, make the script source available online and provide
an URL to it here. Try to avoid embedding huge scripts into the report.



------------------------------------------------------------------------

[2005-03-10 14:21:20] pornel at despammed dot com

Description:
------------
HTTP/1.1 user-agents should be redirected after POST request using 303
status.

According to RFC2616 user-agents MUST NOT redirect POST on 302 status
(unless confirmed by the user, AFAIK only Lynx does that), so 302 is
not the best choice in this situation.

In short: if (HTTP/1.1 && POST) default_redirect_status=303.





------------------------------------------------------------------------


-- 
Edit this bug report at http://bugs.php.net/?id=32263&edit=1

Reply via email to