On Thu, Oct 3, 2013 at 1:06 AM, Chris Darroch <chr...@pearsoncmg.com> wrote:
> Chris Darroch wrote: > > The intent of r1357986 was to deal with a particular, wonky >> sub-case, when the Authorizer returns 200 (so the spec paragraph >> doesn't apply in this case, as it's a 200 OK response), but adds >> a Location header with a relative (not absolute) path. In this case, >> 2.3.7 and previous will run the sub-request and return whatever comes >> out of that -- sometimes munging the end result as a consequence. >> (Note that a 200 with an absolute URL in a Location header just produces >> a 401 response.) >> > > Actually, I have to take back that last parenthetical note -- > with 2.3.7, a 200 + absolute Location URL produces a 302 + Location header, > and with trunk, it produces a 401 like other 200 + Location header cases. > > That might be, I suppose, considered a regression ... let me > think on it a bit. It's not covered by the spec case you mention, since > the script is returning 200. The 2.3.7 behaviour is inconsistent depending > on the nature of the URL in the Location header, given a 200. Trunk > makes that behaviour consistent, but perhaps that's a regression? Hmm. The app is out of spec either way. I think the trunk behavior is better. > > Chris. > > -- > GPG Key ID: 088335A9 > GPG Key Fingerprint: 86CD 3297 7493 75BC F820 6715 F54F E648 0883 35A9 > > -- Born in Roswell... married an alien... http://emptyhammock.com/
