pywb icon indicating copy to clipboard operation
pywb copied to clipboard

Published 20 hours ago verified publisher icon webrecorder

Use 302 instead of 307 in TimeGate

Open ibnesayeed opened this issue 5 years ago • 3 comments
trafficstars

TimeGate in redirect mode MUST use 302-style content negotiation and not 307, which is not part of the Memento RFC, should 307-style be mandatory, the matter must be discussed with the community to resolve collaboratively in a transparent manner.

See: https://ws-dl.blogspot.com/2020/03/2020-03-26-memento-compliance-audit-of.html#3-4-timegate

ibnesayeed avatar Mar 27 '20 01:03 ibnesayeed

Since browsers change POST to GET when following a 302 redirect some sort of workaround is needed. The obvious options for implementing POST replay seem to be:

  • use 307
  • use 302 but change the URL to include some sort of flag indicating this was a POST originally
  • don't redirect

A compromise might be to use 307 in response to POST requests and 302 in response to other methods to make Memento happy. The Memento RFC doesn't seem to have anything to say about non-GET/HEAD requests anyway and where there is conflict I think it's likely the majority of Pwyb users would prefer replay correctness over strict Memento compliance. :-)

ato avatar Mar 27 '20 04:03 ato

A compromise might be to use 307 in response to POST requests and 302 in response to other methods to make Memento happy.

This sounds like a reasonable approach to me.

I think it's likely the majority of Pwyb users would prefer replay correctness over strict Memento compliance.

They say, "if you want to go fast, go alone, if you want to go far, go together."

Ad hoc and application-specific solutions make users of those specific applications happy and make the life of the app developer easy in a short run, but may cause a mess in the ecosystem where inter-operablity with other tools and services is important.

ibnesayeed avatar Mar 27 '20 04:03 ibnesayeed

Do browsers actually change POST to GET? I know RFC 7231 (nee 2616) "allows" it, but they don't have to.

https://tools.ietf.org/html/rfc7231#section-6.4.3

  Note: For historical reasons, a user agent MAY change the request
  method from POST to GET for the subsequent request.  If this
  behavior is undesired, the 307 (Temporary Redirect) status code
  can be used instead.

So the question becomes: is this a behavior that we're witnessing? Is this happening in the context of oldweb.today with the old browsers? Although it seems unlikely they're doing meaningful replay of archived POST.

Otherwise, I expect the clients that interact with TimeGates to be only clients that we (the web archiving community) write, and we can just say "don't swap GET and POST".

phonedude avatar Mar 27 '20 20:03 phonedude