Senthil Kumaran <sent...@uthcode.com> added the comment:

Hi Jay & Éric,

I understand your points, and providing an extra argument seems like an idea 
that could be useful to circumvent what you see as a problem. 

The RFC section states that - 

"The action required MAY be carried out by the user agent without interaction 
with the user if and only if the method used in the second request is GET or 
HEAD".

By this, I understand the RFC to mean that, for POST data, the user is made 
aware and is conscious of the redirect which is happening and is "permitting" 
the POST of the data to the new location.

The interaction happens like this:

User: Post to /a
Browser: Posts to /a and Server says oh /a is /b
Browser: Hello user! Server says /a is now /b. Shall I post to /b?
User: Yes, you may.

This is different from what you are saying, which is like having an option in 
the browser settings that enables following redirects on POST.

User: Post to /a (and if there is redirect follow that post to the 
corresponding site).
Browser: Posts to /a and Server says /a is /b. 
Browser: Posts to /b

But do you know if any such browser setting exists? No. Browsers, for good 
reasons, do not provide such a setting, and they prompt the user to ask whether 
they want to follow the redirect with POST.

In a similar way, developers using urllib as a library in their applications can 
obtain the redirected URL and then POST to the redirected URL. That would be 
equivalent behavior. 

Providing an automatic follow-redirect on POST could be a serious security 
issue, both for clients/libraries and browsers.  Even with a word of caution, it 
has a high chance of being misused. So, I am -1 on this proposal.

I hope you understand my argument. I had thought about this earlier for a 
similar issue, and I remember we made the decision to drop the data following 
the redirected POST. If my argument is not convincing enough, then I think it 
would be a good idea to bring this bug to discussion on python-dev or web-sig and 
provide some concrete real-world examples.  That could bring some use cases 
for/against this issue and might be helpful.

Thanks,
Senthil

----------

_______________________________________
Python tracker <rep...@bugs.python.org>
<http://bugs.python.org/issue14144>
_______________________________________
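The pattern Senthil describes in the message above (a library client that stops at the 3xx on POST, hands the caller the redirected URL, and re-POSTs only with the caller's explicit consent), worked through as an added example. This is not code from the tracker thread or from CPython's urllib: the handler name ConfirmPostRedirects, the helper post_with_confirmation, its confirm() callback and the in-process stand-in server (/a redirects to /b, /b echoes the request) are all constructed here so the example runs offline. The stock opener is run alongside it to show the behaviour the thread refers to, a POST that is turned into a GET with its body dropped.

```python
"""Added example: make urllib surface POST redirects instead of following them.

Not code from the tracker thread or from CPython; the names and the local
stand-in server below are constructed for this illustration.
"""
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.error import HTTPError
from urllib.parse import urljoin
from urllib.request import HTTPRedirectHandler, Request, build_opener

REDIRECT_CODES = (301, 302, 303, 307, 308)


class ConfirmPostRedirects(HTTPRedirectHandler):
    """Follow redirects on its own for GET/HEAD only, as the quoted RFC text allows.

    For any other method the 3xx is turned into an HTTPError, so the caller
    sees the status and the Location header and has to decide what to do.
    """
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        if req.get_method() in ("GET", "HEAD"):
            return super().redirect_request(req, fp, code, msg, headers, newurl)
        raise HTTPError(req.full_url, code, msg, headers, fp)


def post_with_confirmation(url, data, confirm, max_hops=3):
    """POST data to url; re-POST to a redirect target only if confirm() agrees.

    confirm(old_url, new_url, code) stands in for the browser's
    "Server says /a is now /b. Shall I post to /b?" prompt.
    """
    opener = build_opener(ConfirmPostRedirects())
    for _ in range(max_hops):
        try:
            with opener.open(Request(url, data=data, method="POST"), timeout=5) as resp:
                return resp.status, resp.read()
        except HTTPError as err:
            if err.code not in REDIRECT_CODES or "Location" not in err.headers:
                raise
            new_url = urljoin(url, err.headers["Location"])
            if not confirm(url, new_url, err.code):
                raise  # declined: the 3xx propagates and the body is not re-sent
            url = new_url
    raise RuntimeError("too many redirects")


class _Site(BaseHTTPRequestHandler):
    """Constructed stand-in for the remote site: /a redirects to /b, /b echoes."""
    def _serve(self, method):
        body = self.rfile.read(int(self.headers.get("Content-Length") or 0))
        if self.path == "/a":
            self.send_response(302)
            self.send_header("Location", "/b")
            self.send_header("Content-Length", "0")
            self.end_headers()
            return
        out = method.encode() + b":" + body
        self.send_response(200 if self.path == "/b" else 404)
        self.send_header("Content-Length", str(len(out)))
        self.end_headers()
        self.wfile.write(out)

    def do_GET(self):
        self._serve("GET")

    def do_POST(self):
        self._serve("POST")

    def log_message(self, *args):  # keep the example quiet
        pass


def demo():
    """Exercise the three behaviours against a local site and return the results."""
    server = ThreadingHTTPServer(("127.0.0.1", 0), _Site)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_address[1]
    payload = b"secret=1"
    try:
        # 1. Stock urllib: POST /a -> 302 -> GET /b; the body is silently dropped.
        with build_opener().open(Request(base + "/a", data=payload, method="POST"),
                                 timeout=5) as resp:
            default = (resp.status, resp.read())
        # 2. The caller confirms, so the body is re-POSTed to /b.
        confirmed = post_with_confirmation(base + "/a", payload, lambda *a: True)
        # 3. The caller declines: the 302 surfaces as an error and nothing is re-sent.
        try:
            post_with_confirmation(base + "/a", payload, lambda *a: False)
            declined = None
        except HTTPError as err:
            declined = (err.code, err.headers["Location"])
    finally:
        server.shutdown()
        server.server_close()
    return {"default": default, "confirmed": confirmed, "declined": declined}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The confirm() callback is where an application puts its policy (a same-origin check, an allowlist of hosts, or an actual prompt); the library itself never decides on the caller's behalf, which is the distinction the message draws between a user prompt and a blanket "follow redirects on POST" setting.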