a) it appears that HEAD requests are slow (for some value of slow); maybe they time out because something is waiting for the payload? b) when following a redirect, the method name is never rewritten. However, it needs to be rewritten for status code 303 (to GET, unless the request was HEAD). It probably also should be rewritten for 301 and 302 (POST->GET) for compatibility with other browsers. Full test suite: http://greenbytes.de/tech/tc/httpredirects/ Reproducible: Always Steps to Reproduce: 1. Run tests at http://greenbytes.de/tech/tc/httpredirects/t301methods.html and http://greenbytes.de/tech/tc/httpredirects/t303methods.html Actual Results: HEAD slow. When following a redirect, the method name is never rewritten. However, it needs to be rewritten for status code 303 (to GET, unless the request was HEAD). It probably also should be rewritten for 301 and 302 (POST->GET) for compatibility with other browsers. Expected Results: HEAD should not time out. Method rewriting for 303 needs to follow the HTTP spec.
a) is only true for the khtml browser engine. b) applies to the kio_http ioslave and hence anything that uses it. Can you please open a separate report against the KHTML browser engine for a. I will fix b with this ticket.
Fix pending review: https://git.reviewboard.kde.org/r/115651/
Note that the above fix is tested using both KHTML and webkit engines. For some reason HEAD XHR requests are not only slow, but also fail the redirection request with this fix.
Git commit 944eb352595a912fc829b1fca4edfca7d00c4de1 by Dawit Alemayehu. Committed on 11/02/2014 at 10:11. Pushed by adawit into branch 'KDE/4.12'. Fix redirection handling in kio_http. REVIEW: 115651 FIXED-IN: 4.12.3 M +1 -0 kio/DESIGN.metadata M +4 -2 kio/kio/accessmanager.cpp M +3 -2 kio/kio/accessmanagerreply_p.cpp M +7 -1 kio/kio/job.cpp M +29 -13 kioslave/http/http.cpp http://commits.kde.org/kdelibs/944eb352595a912fc829b1fca4edfca7d00c4de1
The fix looks correct to me, but the code comments are somewhat misleading. You may want to cite <http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p2-semantics-26.html#status.3xx> instead.
(In reply to comment #5) > The fix looks correct to me, but the code comments are somewhat misleading. > You may want to cite > <http://greenbytes.de/tech/webdav/draft-ietf-httpbis-p2-semantics-26. > html#status.3xx> instead. Dunno why you think the code comment is misleading. It was exactly what was there before and the cited sections of the actual RFC we implemented 2616 clearly stated that changing a POST request to a GET as a result of a 301 response is wrong: 10.3.2 301 Moved Temporarily .... If the 301 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued. Note: When automatically redirecting a POST request after receiving a 301 status code, some existing HTTP/1.0 user agents will erroneously change it into a GET request. 10.3.3 302 Found If the 302 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued. Note: RFC 1945 and RFC 2068 specify that the client is not allowed to change the method on the redirected request. However, most existing user agent implementations treat 302 as if it were a 303 response, performing a GET on the Location field-value regardless of the original request method. The status codes 303 and 307 have been added for servers that wish to make unambiguously clear which kind of reaction is expected of the client. So I fail to see why the comment would be wrong regardless of which spec it pointed to. KDE's KIO completely ignores the first part, "must not automatically redirect without prompting the user", purposefully violates the second to conform to prevailing implementations. BTW, even after the fixes for this bug and #331007 are merged, we will not be fully compliant because we cannot easily fix the POST->POST redirection that is expected for 307 and 308 responses. IOW, POST redirection for 307/308 response will still be converted to a GET request.
The code comment is misleading because RFC 2616 has been obsoleted by the document that I referenced.
Git commit 863f775bacf0a8f7a8ec34f558cc46ceabeacdf8 by Andrea Iacovitti. Committed on 12/03/2014 at 21:17. Pushed by aiacovitti into branch 'master'. Fix redirection handling in kio_http. REVIEW: 115651 FIXED-IN: 4.12.3 (Forwardport kdelibs commit 944eb35) CCMAIL: adawit@kde.org M +1 -0 docs/metadata.txt M +7 -1 src/core/transferjob.cpp M +29 -13 src/ioslaves/http/http.cpp M +4 -2 src/widgets/accessmanager.cpp M +3 -2 src/widgets/accessmanagerreply_p.cpp http://commits.kde.org/kio/863f775bacf0a8f7a8ec34f558cc46ceabeacdf8