#23960: HTTP standard no longer requires the Location header to be an absolute
URI
------------------------------------------------+------------------------
Reporter: carljm | Owner: nobody
Type: Cleanup/optimization | Status: new
Component: HTTP handling | Version: 1.7
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
------------------------------------------------+------------------------
RFC 2616 required the `Location` header (in redirect responses) to be an
absolute URI. In Django, we have `django.http.utils.fix_location_header()`
to unconditionally ensure this.
RFC 2616 has now been superseded by RFC 7231, which allows relative URIs
in `Location` (recognizing the actual practice of user agents, almost all
of which support them): http://tools.ietf.org/html/rfc7231#section-7.1.2
We should remove `django.http.utils.fix_location_header()`.
Since user agents almost universally allow relative `Location` (I'm not
aware of any that don't), I don't believe this change requires a
deprecation path, but it should of course be noted in the release notes.
--
Ticket URL: <https://code.djangoproject.com/ticket/23960>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
--
You received this message because you are subscribed to the Google Groups
"Django updates" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to django-updates+unsubscr...@googlegroups.com.
To post to this group, send email to django-updates@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/django-updates/049.b572df4dc2584ec88ee257fd85a23358%40djangoproject.com.
For more options, visit https://groups.google.com/d/optout.
