303 redirects should preserve HEAD #753
Comments
|
Thanks for raising this. So we'd add a conditional for method not being (Note that there's also another issue here, that we want to remove various |
annevk
added
good first issue
|
cc: @jungkees |
|
I send DELETE requests via fetch() to my server and get back 303 status redirects. I expect HEAD requests here... Actually I see GET. I expect to HEAD because of next thing I will do is window.location.replace(response.url);, so I do not need twice GET requests here... |
|
even better add option to fetch() for users to give them ability select, which method to use after redirects follow_redirect_method: { |
|
@lorddaedra that's not something that the HTTP specification allows for. |
|
We encountered this issue on Edge today and plan to align with Chrome to keep HEAD when following a 303. |
|
@ericlaw1979 great, are you all planning on updating web-platform-tests? Apart from a PR against Fetch that's pretty much all it takes to fix this. |
|
I believe the tests were fine. It's just the spec that was wrong. |
|
My bad, I should have read OP better. I guess I'll fix Fetch then. |
Tests: already tested by fetch/api/redirect/redirect-method.any.js. Fixes #753.
Tests: already tested by fetch/api/redirect/redirect-method.any.js. Fixes #753.
(@yutakahirano passed this along to me to dig into.)
The Fetch spec, in step 11 here, says: "If either actualResponse’s status is 301 or 302 and request’s method is
POST, or actualResponse’s status is 303, set request’s method toGETand request’s body to null."https://fetch.spec.whatwg.org/#http-redirect-fetch
This implies that a 303 in response to a HEAD gets converted to GET. However wpt says it stays as a HEAD. That is Chrome's behavior as well and, loading the tests in Firefox, seem to be Firefox's behavior.
http://w3c-test.org/fetch/api/redirect/redirect-method.any.html
Our behavior appears to date to here:
https://bugs.chromium.org/p/chromium/issues/detail?id=102130
https://trac.ietf.org/trac/httpbis/ticket/310
which cites what ultimately became the new HTTP RFCs.
The "clarification" in the IETF specification is absurdly unclear, but the intent and reality do seem to align on 303 not transforming HEAD. Additionally, it seems odd for a HEAD request (which expects no body) to ultimately receive a GET response (which has a body). So I believe this is just a mistake in the Fetch spec.
The text was updated successfully, but these errors were encountered: