On 2022/02/01 11:50, Kirill Miazine wrote: > Hi, tech > > I tried misc@ first, but then without a patch. Now diff is at the end of > the message. > > Currently, /etc/examples/httpd.conf uses HTTP 302 to do a redirect, but > apparently 307 should give a more predictable behaviour. > > According to > https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/302, "even if > the specification requires the method (and the body) not to be altered > when the redirection is performed, not all user-agents conform here > - you can still find this type of bugged software out there. It is > therefore recommended to set the 302 code only as a response for GET or > HEAD methods and to use 307 Temporary Redirect instead, as the method > change is explicitly prohibited in that case." > > "The only difference between 307 and 302 is that 307 guarantees that the > method and the body will not be changed when the redirected request is > made. With 302, some old clients were incorrectly changing the method to > GET: the behavior with non-GET methods and 302 is then unpredictable on > the Web, whereas the behavior with 307 is predictable. For GET requests, > their behavior is identical." > > Wouldn't it be better to use 307 in the example httpd.conf? > > --- /etc/examples/httpd.conf Sun Jan 30 19:00:39 2022 > +++ httpd.conf Tue Feb 1 11:45:00 2022 > @@ -7,7 +7,7 @@ > request strip 2 > } > location * { > - block return 302 "https://$HTTP_HOST$REQUEST_URI"; > + block return 307 "https://$HTTP_HOST$REQUEST_URI"; > } > } > >
Any idea what compatibility is like for this? Not thinking of the big browsers mentioned in the mozilla page but console browsers, CLI clients, etc. (Also for this, which is an example of an http->https redirect, I wonder if 301 would actually be the more appropriate response..or there is 308 but that is only recommended for non GET/HEAD requests).
