Applying original fragment to "plain" redirected URI

[mnot]

In the resolution to #43, we warned that we don't define precedence when both the request URI and the redirected URI have fragment identifiers;

  Note: This specification does not define precedence rules for the
  case where the original URI, as navigated to by the user agent,
  and the Location header field value both contain fragment
  identifiers.  Thus be aware that including fragment identifiers
  might inconvenience anyone relying on the semantics of the
  original URI's fragment identifier.

However, we didn't explicitly cover the case where the request-URI has a fragment identifier, but the Location URI does not.

This should be defined; at a minimum, we should say that we don't specify behaviour, to warn people of interop problems.

Interestingly, an old I-D did specify behaviour here: http://tools.ietf.org/html/draft-bos-http-redirect-00

Specifically:

If the server returns a response code of 300 ("multiple choice"), 301 ("moved permanently"), 302 ("moved temporarily") or 303 ("see other"), and if the server also returns one or more URIs where the resource can be found, then the client SHOULD treat the new URIs as if the fragment identifier of the original URI was added at the end.

See also: http://blogs.msdn.com/b/ieinternals/archive/2011/05/17/url-fragments-and-redirects-anchor-hash-missing.aspx

Test script at: https://gist.github.com/330963 tests T4 and T8 (note that the "FAIL/PASS" determinations assume that the resolution would align with draft-bos-http-redirect).

Reported by @mnot, migrated from https://trac.ietf.org/trac/httpbis/ticket/295

[mnot]

@mnot changed milestone from unassigned to 15

[mnot]

julian.reschke@gmx.de changed owner from draft-ietf-httpbis-p2-semantics@tools.ietf.org to julian.reschke@gmx.de

[mnot]

julian.reschke@gmx.de changed owner from julian.reschke@gmx.de to ``

[mnot]

julian.reschke@gmx.de changed milestone from 15 to unassigned

[mnot]

julian.reschke@gmx.de commented:

Now in HMTL5:

http://html5.org/tools/web-apps-tracker?from=6321&to=6322

[mnot]

@mnot changed owner to mnot@pobox.com

[mnot]

julian.reschke@gmx.de commented:

My tests: http://greenbytes.de/tech/tc/httpredirects/#l-fragments

[mnot]

• @mnot commented:

Proposal: To make this change we could add to:

"The field value consists of a single URI-reference. When it has the form of a relative reference ([RFC3986], Section 4.2), the final value is computed by resolving it against the effective request URI ([RFC3986], Section 5)."

saying

"... If the original URI, as navigated to by the user agent, did contain a fragment identifier, and the final value does not, then the original URI's fragment identifier is added to the final value."

(also add examples)

(and also we would kill http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p2-semantics-18.html#rfc.section.9.5.p.9).

• @mnot changed milestone from unassigned to 19

[mnot]

• julian.reschke@gmx.de changed attachment to 295.diff
• julian.reschke@gmx.de commented:

Proposed patch

[mnot]

julian.reschke@gmx.de commented:

From 1536:

Location header field: define header field recombination in presence of fragment identifiers, mention security impact, rephrase main definition (see #295)

[mnot]

• julian.reschke@gmx.de changed resolution to incorporated
• julian.reschke@gmx.de changed status from new to closed

[mnot]

• @mnot changed resolution from incorporated to ``
• @mnot changed status from closed to reopened

[mnot]

• @mnot changed resolution to fixed
• @mnot changed status from reopened to closed