• Stuart Henderson [2022-02-01 11:28]: > > Hi, tech > > > > I tried misc@ first, but then without a patch. Now diff is at the end of > > the message. > > > > Currently, /etc/examples/httpd.conf uses HTTP 302 to do a redirect, but > > apparently 307 should give a more predictable behaviour. > > > > According to > > https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/302, "even if > > the specification requires the method (and the body) not to be altered > > when the redirection is performed, not all user-agents conform here > > - you can still find this type of bugged software out there. It is > > therefore recommended to set the 302 code only as a response for GET or > > HEAD methods and to use 307 Temporary Redirect instead, as the method > > change is explicitly prohibited in that case." > > > > "The only difference between 307 and 302 is that 307 guarantees that the > > method and the body will not be changed when the redirected request is > > made. With 302, some old clients were incorrectly changing the method to > > GET: the behavior with non-GET methods and 302 is then unpredictable on > > the Web, whereas the behavior with 307 is predictable. For GET requests, > > their behavior is identical." > > > > Wouldn't it be better to use 307 in the example httpd.conf? > > > > --- /etc/examples/httpd.conf Sun Jan 30 19:00:39 2022 > > +++ httpd.conf Tue Feb 1 11:45:00 2022 > > @@ -7,7 +7,7 @@ > > request strip 2 > > } > > location * { > > - block return 302 "https://$HTTP_HOST$REQUEST_URI"; > > + block return 307 "https://$HTTP_HOST$REQUEST_URI"; > > } > > } > > > > > > Any idea what compatibility is like for this? Not thinking of the big > browsers mentioned in the mozilla page but console browsers, CLI clients, > etc.
I only tested with w3m, lynx, links and ftp(1), and they all worked fine for me: $ ftp -o /dev/null http://uptime.is/ Trying 2a01:7c8:aaac:2d4::32... Requesting http://uptime.is/ Redirected to https://uptime.is/ Trying 2a01:7c8:aaac:2d4::32... Requesting https://uptime.is/ 5677 bytes received in 0.00 seconds (37.51 MB/s) I've only tested with GET, though. > (Also for this, which is an example of an http->https redirect, I wonder > if 301 would actually be the more appropriate response..or there is > 308 but that is only recommended for non GET/HEAD requests). No strong opinion here -- I prefer temporary redirects personally, but that's just a matter of taste. -- -- Kirill Miazine <[email protected]>
