Signed Exchange: Make the inner redirect saner and well-defined |
|||
Issue descriptionWanted to file this so that we don't forget to revisit and discuss what changes and checks are needed. - Status code: 302 should probably be 303 - Method: Currently we always convert the method to 'GET', but if the request was 'HEAD' it's probably okay to handle as is - Fragments will need to be preserved: see issue 865852 - Site for cookies: Probably no need to worry about it too much as cookie access can't happen from inner requests. (We currently update this on redirects) - Referrer policy: currently we use default (i.e. CLEAR_REFERRER_ON_TRANSITION_FROM_SECURE_TO_INSECURE) - Referrer: We set nothing (i.e. clear on redirect) See also RedirectInfo::ComputeRedirectInfo() and RedirectUtil::UpdateHttpRequest() to see what we're doing with regular redirects.
,
Jul 23
Also something to consider: Whether the inner redirect counts towards the redirect count of the page (currently it does in Chrome, but wouldn't for other implementations, AIUI)
,
Aug 16
,
Aug 16
Now the loading spec draft explicitly says the redirect code should be 303. https://wicg.github.io/webpackage/loading.html
,
Aug 29
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/7e8a3c6f01810ae80b523aeac60a10de26005f18 commit 7e8a3c6f01810ae80b523aeac60a10de26005f18 Author: Kunihiko Sakamoto <ksakamoto@chromium.org> Date: Wed Aug 29 01:02:18 2018 Signed Exchange: Use status code 303 for internal redirects Bug: 866355 Change-Id: I4f78ff8673d89aae087c5ad0cc528016761eac96 Reviewed-on: https://chromium-review.googlesource.com/1192570 Reviewed-by: Kouhei Ueno <kouhei@chromium.org> Reviewed-by: Kinuko Yasuda <kinuko@chromium.org> Commit-Queue: Kunihiko Sakamoto <ksakamoto@chromium.org> Cr-Commit-Position: refs/heads/master@{#586977} [modify] https://crrev.com/7e8a3c6f01810ae80b523aeac60a10de26005f18/content/browser/web_package/signed_exchange_loader.cc [modify] https://crrev.com/7e8a3c6f01810ae80b523aeac60a10de26005f18/content/browser/web_package/signed_exchange_request_handler_browsertest.cc |
|||
►
Sign in to add a comment |
|||
Comment 1 by kinuko@chromium.org
, Jul 23