diff options
| -rwxr-xr-x | net/data/url_request_unittest/redirect307-to-echoall | 1 | ||||
| -rwxr-xr-x | net/data/url_request_unittest/redirect307-to-echoall.mock-http-headers | 2 | ||||
| -rw-r--r-- | net/url_request/url_request.cc | 22 | ||||
| -rw-r--r-- | net/url_request/url_request_unittest.cc | 9 |
4 files changed, 24 insertions, 10 deletions
diff --git a/net/data/url_request_unittest/redirect307-to-echoall b/net/data/url_request_unittest/redirect307-to-echoall new file mode 100755 index 0000000..7898192 --- /dev/null +++ b/net/data/url_request_unittest/redirect307-to-echoall @@ -0,0 +1 @@ +a diff --git a/net/data/url_request_unittest/redirect307-to-echoall.mock-http-headers b/net/data/url_request_unittest/redirect307-to-echoall.mock-http-headers new file mode 100755 index 0000000..33393cc --- /dev/null +++ b/net/data/url_request_unittest/redirect307-to-echoall.mock-http-headers @@ -0,0 +1,2 @@ +HTTP/1.1 307 Yo +Location: /echoall/ diff --git a/net/url_request/url_request.cc b/net/url_request/url_request.cc index ab2212b..79ea708 100644 --- a/net/url_request/url_request.cc +++ b/net/url_request/url_request.cc @@ -327,10 +327,6 @@ std::string URLRequest::StripPostSpecificHeaders(const std::string& headers) { } int URLRequest::Redirect(const GURL& location, int http_status_code) { - // TODO(darin): treat 307 redirects of POST requests very carefully. we - // should prompt the user before re-submitting the POST body. - DCHECK(!(method_ == "POST" && http_status_code == 307)) << "implement me!"; - if (redirect_limit_ <= 0) { DLOG(INFO) << "disallowing redirect: exceeds limit"; return net::ERR_TOO_MANY_REDIRECTS; @@ -341,17 +337,23 @@ int URLRequest::Redirect(const GURL& location, int http_status_code) { return net::ERR_UNSAFE_REDIRECT; } - // NOTE: even though RFC 2616 says to preserve the request method when - // following a 302 redirect, normal browsers don't do that. instead, they - // all convert a POST into a GET in response to a 302, and so shall we. - bool was_post = method_ == "POST"; + bool strip_post_specific_headers = false; + if (http_status_code != 307) { + // NOTE: Even though RFC 2616 says to preserve the request method when + // following a 302 redirect, normal browsers don't do that. Instead, they + // all convert a POST into a GET in response to a 302 and so shall we. For + // 307 redirects, browsers preserve the method. The RFC says to prompt the + // user to confirm the generation of a new POST request, but IE omits this + // prompt and so shall we. + strip_post_specific_headers = method_ == "POST"; + method_ = "GET"; + } url_ = location; - method_ = "GET"; upload_ = 0; status_ = URLRequestStatus(); --redirect_limit_; - if (was_post) { + if (strip_post_specific_headers) { // If being switched from POST to GET, must remove headers that were // specific to the POST and don't have meaning in GET. For example // the inclusion of a multipart Content-Type header in GET can cause diff --git a/net/url_request/url_request_unittest.cc b/net/url_request/url_request_unittest.cc index 4a82c4e..d344319 100644 --- a/net/url_request/url_request_unittest.cc +++ b/net/url_request/url_request_unittest.cc @@ -885,3 +885,12 @@ TEST_F(URLRequestTest, Post302RedirectGet) { EXPECT_TRUE(ContainsString(data, "Accept-Charset:")); } +TEST_F(URLRequestTest, Post307RedirectPost) { + TestServer server(L"net/data/url_request_unittest"); + TestDelegate d; + TestURLRequest req(server.TestServerPage("files/redirect307-to-echoall"), &d); + req.set_method("POST"); + req.Start(); + MessageLoop::current()->Run(); + EXPECT_EQ(req.method(), "POST"); +} |