24f143789a
IE since version 6 and recently Chrome and Firefox have started following 302 redirects from XHR requests other than GET/POST using the original request method. This can lead to DELETE requests being redirected amongst other things. Although it doesn't directly affect the Rails framework since it doesn't return a 302 redirect to any non-GET/POST request a note has been added to raise awareness of the issue. Some references: Original article from @technoweenie: http://techno-weenie.net/2011/8/19/ie9-deletes-stuff/ Hacker News discussion of the article: http://news.ycombinator.com/item?id=2903493 WebKit bug report: https://bugs.webkit.org/show_bug.cgi?id=46183 Firefox bug report and changeset: https://bugzilla.mozilla.org/show_bug.cgi?id=598304 https://hg.mozilla.org/mozilla-central/rev/9525d7e2d20d Chrome bug report: http://code.google.com/p/chromium/issues/detail?id=56373 HTTPbis bug report and changeset: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/160 http://trac.tools.ietf.org/wg/httpbis/trac/changeset/1428 Roy T. Fielding's history of the issue: http://ftp.ics.uci.edu/pub/ietf/http/hypermail/1997q3/0611.html Automated browser tests for the issue: http://www.mnot.net/javascript/xmlhttprequest/ Fixes #4144 |
||
---|---|---|
.. | ||
conditional_get.rb | ||
cookies.rb | ||
data_streaming.rb | ||
exceptions.rb | ||
flash.rb | ||
force_ssl.rb | ||
head.rb | ||
helpers.rb | ||
hide_actions.rb | ||
http_authentication.rb | ||
implicit_render.rb | ||
instrumentation.rb | ||
mime_responds.rb | ||
params_wrapper.rb | ||
rack_delegation.rb | ||
redirecting.rb | ||
renderers.rb | ||
rendering.rb | ||
request_forgery_protection.rb | ||
rescue.rb | ||
responder.rb | ||
streaming.rb | ||
testing.rb | ||
url_for.rb |