* * * * *

                 How many redirects does your browser follow?

An observation [1] on the Gemini [2] mailing list [3] led me down a very
small rabbit hole. I recalled at one time that a web browser was only
supposed to follow five consecutive redirects, and sure enough, in RFC
(Request For Comments)-2068 (Hypertext Transfer Protocol – HTTP/1.1) [4]:

> 10.3 Redirection 3xx
>
> This class of status code indicates that further action needs to be taken
> by the user agent in order to fulfill the request. The action required MAY
> be carried out by the user agent without interaction with the user if and
> only if the method used in the second request is GET or HEAD. A user agent
> SHOULD NOT automatically redirect a request more than 5 times, since such
> redirections usually indicate an infinite loop.
>

“Hypertext Transfer Protocol -- HTTP/1.1 [5]”

But that's an old standard from 1997. In fact, the next revision, RFC-2616
(Hypertext Transfer Protocol – HTTP/1.1) [6], updated this section:

> 10.3 Redirection 3xx
>
> This class of status code indicates that further action needs to be taken
> by the user agent in order to fulfill the request. The action required MAY
> be carried out by the user agent without interaction with the user if and
> only if the method used in the second request is GET or HEAD. A client
> SHOULD detect infinite redirection loops, since such loops generate network
> traffic for each redirection.
>
> Note: previous versions of this specification recommended a maximum of five
> redirections. Content developers should be aware that there might be
> clients that implement such a fixed limitation.
>

“Hypertext Transfer Protocol -- HTTP/1.1 [7]”

And subsequent updates have kept that language. So it appears that clients
SHOULD NOT (using language from RFC-2119 (Key words for use in RFCs to
Indicate Requirement Levels) [8]) limit itself to just five times, but still
SHOULD detect loops. It seems like this was changed due to market pressure
from various companies and I think the practical limit has gone up over the
years.

I know the browser I use, Firefox [9], is highly configurable and decided to
see if its configuration [10] included a way to limit redirections. And lo',
it does! The option network.http.redirection- limit exists, and the current
default value is “20”. I'm curious to see what happens if I set that to “5”.
I wonder how many sites will break?

[1] https://lists.orbitalfox.eu/archives/gemini/2019/000201.html
[2] gopher://zaibatsu.circumlunar.space:70/1/~solderpunk/gemini
[3] https://lists.orbitalfox.eu/listinfo/gemini
[4] https://www.ietf.org/rfc/rfc2068.txt
[5] https://www.ietf.org/rfc/rfc2068.txt
[6] https://www.ietf.org/rfc/rfc2616.txt
[7] https://www.ietf.org/rfc/rfc2616.txt
[8] https://www.ietf.org/rfc/rfc2119.txt
[9] https://www.mozilla.org/
[10] about:config

Email author at [email protected]

You are viewing proxied material from gopher.conman.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.