diff options
| author | Andrew White <andyw@pixeltrix.co.uk> | 2012-04-30 06:37:19 +0100 |
|---|---|---|
| committer | Andrew White <andyw@pixeltrix.co.uk> | 2012-04-30 06:37:19 +0100 |
| commit | 24f143789a8989f3bccde14ff28067de25cafd87 (patch) | |
| tree | f7b2fa526f67b4b57b26ca96da257f249d5d8f7f /actionpack | |
| parent | cb9f7f488a3be71ee4704a4e62f545ebd3f95310 (diff) | |
| download | rails-24f143789a8989f3bccde14ff28067de25cafd87.tar.gz rails-24f143789a8989f3bccde14ff28067de25cafd87.tar.bz2 rails-24f143789a8989f3bccde14ff28067de25cafd87.zip | |
Add note about using 303 See Other for XHR requests other than GET/POST
IE since version 6 and recently Chrome and Firefox have started following
302 redirects from XHR requests other than GET/POST using the original request
method. This can lead to DELETE requests being redirected amongst other things.
Although it doesn't directly affect the Rails framework since it doesn't return
a 302 redirect to any non-GET/POST request a note has been added to raise
awareness of the issue. Some references:
Original article from @technoweenie:
http://techno-weenie.net/2011/8/19/ie9-deletes-stuff/
Hacker News discussion of the article:
http://news.ycombinator.com/item?id=2903493
WebKit bug report:
https://bugs.webkit.org/show_bug.cgi?id=46183
Firefox bug report and changeset:
https://bugzilla.mozilla.org/show_bug.cgi?id=598304
https://hg.mozilla.org/mozilla-central/rev/9525d7e2d20d
Chrome bug report:
http://code.google.com/p/chromium/issues/detail?id=56373
HTTPbis bug report and changeset:
http://trac.tools.ietf.org/wg/httpbis/trac/ticket/160
http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1428
Roy T. Fielding's history of the issue:
http://ftp.ics.uci.edu/pub/ietf/http/hypermail/1997q3/0611.html
Automated browser tests for the issue:
http://www.mnot.net/javascript/xmlhttprequest/
Fixes #4144
Diffstat (limited to 'actionpack')
| -rw-r--r-- | actionpack/lib/action_controller/metal/redirecting.rb | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/actionpack/lib/action_controller/metal/redirecting.rb b/actionpack/lib/action_controller/metal/redirecting.rb index 35ded8a56c..5e7bd44562 100644 --- a/actionpack/lib/action_controller/metal/redirecting.rb +++ b/actionpack/lib/action_controller/metal/redirecting.rb @@ -45,6 +45,16 @@ module ActionController # integer, or a symbol representing the downcased, underscored and symbolized description. # Note that the status code must be a 3xx HTTP code, or redirection will not occur. # + # If you are using XHR requests other than GET or POST and redirecting after the + # request then some browsers will follow the redirect using the original request + # method. This may lead to undesirable behavior such as a double DELETE. To work + # around this you can return a <tt>303 See Other</tt> status code which will be + # followed using a GET request. + # + # Examples: + # redirect_to posts_url, :status => :see_other + # redirect_to :action => 'index', :status => 303 + # # It is also possible to assign a flash message as part of the redirection. There are two special accessors for the commonly used flash names # +alert+ and +notice+ as well as a general purpose +flash+ bucket. # |