Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Are there any known cases of HTTP clients not supporting relative redirects?

Relative redirects (i.e. relative URLs in the HTTP Location: header) were originally not supported according to RFC 2616, section 14.30. However this was described as a "bug in the spec", and was later changed in RFC 7231, section 7.1.2. Thus relative redirects are now "officially supported".

My question is: Are there any known cases of HTTP clients (browsers, tools, libraries..) not supporting relative redirects?

Update: Alternatively, a valid answer could provide a exhaustive list of HTTP clients which are known to accept relative redirects, along with version number ranges.

like image 650
Grodriguez Avatar asked Sep 16 '15 16:09

Grodriguez


People also ask

How does redirect work in HTTP?

In HTTP, redirection is triggered by a server sending a special redirect response to a request. Redirect responses have status codes that start with 3 , and a Location header holding the URL to redirect to. When browsers receive a redirect, they immediately load the new URL provided in the Location header.

What HTTP code is sent to the browser to redirect it to another page?

The 302 status code indicates that the resource you are requesting has redirected to another resource. With a 302 "Found" or "Moved Temporarily" redirect, the server redirects the user to the new destination despite the original location still being used for requests.

Does HTTP redirect to HTTPS?

Although HTTP and HTTPs seem similar enough, it's important to know the difference between the two. Here's how it all boils down: HTTPS is secure, while HTTP is not. The websites that have made the move to redirect HTTP to HTTPS appear with a padlock on the browser bar before the URL.


1 Answers

I was doing some research and it seems that in fact most browsers (and also Googles search bot) support the feature. I was not able to get a definitive list though. Some 10000 http clients may eventually exist, each of them has their own way to handle the header fields (some may even ignore it completely).

As RFC 7231 is quite new (2014) my recommendation would be to not count on it. Following Postel's law ("Be conservative in what you send, be liberal in what you accept") I think sticking with the definite standard is always a good idea and just adding the domain to the redirect isn't much trouble.

like image 82
Martin Müller Avatar answered Oct 10 '22 22:10

Martin Müller