[Django] #23960: HTTP standard no longer requires the Location header to be an absolute URI
Django
------------------------------------------------+------------------------
Reporter: carljm | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: HTTP handling | Version: 1.7
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
------------------------------------------------+------------------------
RFC 2616 required the `Location` header (in redirect responses) to be an
absolute URI. In Django, we have `django.http.utils.fix_location_header()`
to unconditionally ensure this.
RFC 2616 has now been superseded by RFC 7231, which allows relative URIs
in `Location` (recognizing the actual practice of user agents, almost all
of which support them): http://tools.ietf.org/html/rfc7231#section-7.1.2
We should remove `django.http.utils.fix_location_header()`.
Since user agents almost universally allow relative `Location` (I'm not
aware of any that don't), I don't believe this change requires a
deprecation path, but it should of course be noted in the release notes.
--
Ticket URL: <https://code.djangoproject.com/ticket/23960>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
Reporter: carljm | Owner: nobody
Type: | Status: new
Cleanup/optimization | Version: 1.7
Component: HTTP handling | Resolution:
Severity: Normal | Triage Stage:
Keywords: | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by timgraham):
This was discussed on IRC I think, and Matt Robenolt
[https://github.com/mattrobenolt/django/compare/relative drafted a patch]
using a setting to control the behavior -- not sure the justification for
doing that over just dropping it as you've proposed.
--
Ticket URL: <https://code.djangoproject.com/ticket/23960#comment:1>
Django
Reporter: carljm | Owner: nobody
Type: | Status: new
Cleanup/optimization | Version: 1.7
Component: HTTP handling | Resolution:
Severity: Normal | Triage Stage:
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by carljm):
If we were going to continue to provide support for this in Django, it
seems like a built-in middleware would make more sense than a dedicated
setting.
But are there really good enough reasons to be doing this server-side that
there needs to be built-in support in Django?
--
Ticket URL: <https://code.djangoproject.com/ticket/23960#comment:2>
Django
Reporter: carljm | Owner: nobody
Type: | Status: new
Cleanup/optimization | Version: 1.7
Component: HTTP handling | Resolution:
Severity: Normal | Triage Stage:
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by aaugustin):
I would just drop the unconditional fix and document the change in the
release notes.
(In fact I consider all unconditional `response_fixes` to be
`response_breaks`. We removed the two IE-specific ones in [3800f637]. I
bet we'll end up removing them all.)
--
Ticket URL: <https://code.djangoproject.com/ticket/23960#comment:3>
Django
Reporter: carljm | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: HTTP handling | Version: 1.7
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
Changes (by timgraham):
* needs_better_patch: 0 => 1
* has_patch: 0 => 1
* stage: Unreviewed => Accepted
Comment:
I started this, but it seems it will take more than 5 minutes as the test
client currently relies on always receiving an absolute URI. I haven't
looked into what's required to fix it.
--
Ticket URL: <https://code.djangoproject.com/ticket/23960#comment:4>
Django
Reporter: carljm | Owner: claudep
Type: Cleanup/optimization | Status: assigned
Component: HTTP handling | Version: 1.7
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
Changes (by claudep):
* owner: nobody => claudep
* status: new => assigned
--
Ticket URL: <https://code.djangoproject.com/ticket/23960#comment:5>
Django
Reporter: carljm | Owner: claudep
Type: Cleanup/optimization | Status: assigned
Keywords: | Triage Stage: Accepted
Needs tests: 0 | Patch needs improvement: 1
Easy pickings: 0 | UI/UX: 0
Comment (by collinanderson):
This might fix #17092
--
Ticket URL: <https://code.djangoproject.com/ticket/23960#comment:6>
Django
Reporter: carljm | Owner: claudep
Type: | Status: assigned
Cleanup/optimization |
Component: HTTP handling | Version: 1.7
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by timgraham):
* needs_better_patch: 1 => 0
* stage: Accepted => Ready for checkin
Comment:
[https://github.com/django/django/pull/4317 PR] from Claude looks good.
--
Ticket URL: <https://code.djangoproject.com/ticket/23960#comment:7>
Django
Reporter: carljm | Owner: claudep
Cleanup/optimization |
Component: HTTP handling | Version: 1.7
Keywords: | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by Claude Paroz <claude@…>):
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"a0c2eb46dd5a782c11c44f13c8efad2778be1641" a0c2eb46]:
{{{
#!CommitTicketReference repository=""
revision="a0c2eb46dd5a782c11c44f13c8efad2778be1641"
Fixed #23960 -- Removed http.fix_location_header
Thanks Carl Meyer for the report and Tim Graham for the review.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/23960#comment:8>
Django
Reporter: carljm | Owner: claudep
Type: | Status: closed
Cleanup/optimization |
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by dbrgn):
* version: 1.7 => 1.9
Comment:
Changing the version to "1.9", as that's the release that first contains
the fix.
--
Ticket URL: <https://code.djangoproject.com/ticket/23960#comment:9>
Django
Reporter: carljm | Owner: claudep
Type: | Status: closed
Cleanup/optimization |
Component: HTTP handling | Version: 1.9
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by aaugustin):
The version field usually represents the first version in which a bug is
detected. It doesn't matter very much anyway.
--
Ticket URL: <https://code.djangoproject.com/ticket/23960#comment:10>
Django
Reporter: carljm | Owner: claudep
Type: | Status: closed
Cleanup/optimization |
Component: HTTP handling | Version: 1.9
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Changes (by dbrgn):
* cc: mail@… (added)
Comment:
Oops, I didn't realize that. Well, since it's not really a "bug" per se,
it probably won't hurt in this case :) I'll try to remember for the future
though.
--
Ticket URL: <https://code.djangoproject.com/ticket/23960#comment:11>
Django
Reporter: carljm | Owner: claudep
Type: | Status: closed
Cleanup/optimization |
Component: HTTP handling | Version: 1.9
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Tim Graham <timograham@…>):
In [changeset:"08b8c4697112e8dae90e72afc7d85bd31ead0410" 08b8c469]:
{{{
#!CommitTicketReference repository=""
revision="08b8c4697112e8dae90e72afc7d85bd31ead0410"
Refs #23960 -- Documented how to restore absolute redirect URLs.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/23960#comment:12>
Django
Reporter: carljm | Owner: claudep
Type: | Status: closed
Cleanup/optimization |
Component: HTTP handling | Version: 1.9
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Tim Graham <timograham@…>):
In [changeset:"6977eaf8443bea1f1f965f2931b082233279e3f9" 6977eaf8]:
{{{
#!CommitTicketReference repository=""
revision="6977eaf8443bea1f1f965f2931b082233279e3f9"
[1.10.x] Refs #23960 -- Documented how to restore absolute redirect URLs.
Backport of 08b8c4697112e8dae90e72afc7d85bd31ead0410 from master
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/23960#comment:13>
Django
Reporter: carljm | Owner: claudep
Type: | Status: closed
Cleanup/optimization |
Component: HTTP handling | Version: 1.9
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Tim Graham <timograham@…>):
In [changeset:"f0bf535f2b6f1691d32107c78cacb6b0fa63fcf2" f0bf535]:
{{{
#!CommitTicketReference repository=""
revision="f0bf535f2b6f1691d32107c78cacb6b0fa63fcf2"
[1.9.x] Refs #23960 -- Documented how to restore absolute redirect URLs.
Backport of 08b8c4697112e8dae90e72afc7d85bd31ead0410 from master
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/23960#comment:14>
Django
Reporter: Carl Meyer | Owner: Claude
Type: | Paroz
Cleanup/optimization | Status: closed
Component: HTTP handling | Version: 1.9
Severity: Normal | Resolution: fixed
Keywords: | Triage Stage: Ready for
| checkin
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0
Comment (by Tim Graham <timograham@…>):
In [changeset:"0f454f5d4df5d07b713e5f5633f8b56ae70c7cf9" 0f454f5]:
{{{
#!CommitTicketReference repository=""
revision="0f454f5d4df5d07b713e5f5633f8b56ae70c7cf9"
Refs #23960 -- Removed the host parameter for
SimpleTestCase.assertRedirects().
Per deprecation timeline.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/23960#comment:15>