#23960: HTTP standard no longer requires the Location header to be an absolute URI ------------------------------------------------+------------------------ Reporter: carljm | Owner: nobody Type: Cleanup/optimization | Status: new Component: HTTP handling | Version: 1.7 Severity: Normal | Keywords: Triage Stage: Unreviewed | Has patch: 0 Needs documentation: 0 | Needs tests: 0 Patch needs improvement: 0 | Easy pickings: 0 UI/UX: 0 | ------------------------------------------------+------------------------ RFC 2616 required the `Location` header (in redirect responses) to be an absolute URI. In Django, we have `django.http.utils.fix_location_header()` to unconditionally ensure this.
RFC 2616 has now been superseded by RFC 7231, which allows relative URIs in `Location` (recognizing the actual practice of user agents, almost all of which support them): http://tools.ietf.org/html/rfc7231#section-7.1.2 We should remove `django.http.utils.fix_location_header()`. Since user agents almost universally allow relative `Location` (I'm not aware of any that don't), I don't believe this change requires a deprecation path, but it should of course be noted in the release notes. -- Ticket URL: <https://code.djangoproject.com/ticket/23960> Django <https://code.djangoproject.com/> The Web framework for perfectionists with deadlines. -- You received this message because you are subscribed to the Google Groups "Django updates" group. To unsubscribe from this group and stop receiving emails from it, send an email to django-updates+unsubscr...@googlegroups.com. To post to this group, send email to django-updates@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/django-updates/049.b572df4dc2584ec88ee257fd85a23358%40djangoproject.com. For more options, visit https://groups.google.com/d/optout.