Chris Darroch wrote:
The intent of r1357986 was to deal with a particular, wonky sub-case, when the Authorizer returns 200 (so the spec paragraph doesn't apply in this case, as it's a 200 OK response), but adds a Location header with a relative (not absolute) path. In this case, 2.3.7 and previous will run the sub-request and return whatever comes out of that -- sometimes munging the end result as a consequence. (Note that a 200 with an absolute URL in a Location header just produces a 401 response.)
Actually, I have to take back that last parenthetical note -- with 2.3.7, a 200 + absolute Location URL produces a 302 + Location header, and with trunk, it produces a 401 like other 200 + Location header cases. That might be, I suppose, considered a regression ... let me think on it a bit. It's not covered by the spec case you mention, since the script is returning 200. The 2.3.7 behaviour is inconsistent depending on the nature of the URL in the Location header, given a 200. Trunk makes that behaviour consistent, but perhaps that's a regression? Hmm. Chris. -- GPG Key ID: 088335A9 GPG Key Fingerprint: 86CD 3297 7493 75BC F820 6715 F54F E648 0883 35A9
