Location header question

G*rd*n

I have been using the HTTP "Location" reponse header to direct
a symbolic request to a CGI program to an actual URL/file. For
example, let us suppose the CGI program's table indicates
xyz -> /this/that/the.other.thing .html, then redirect.cgi?xy z
results in the page /this/that... being sent. redirect.cgi
is usually in another directory than the page it is to supply.
This works fine as far as it goes.

A problem arises when the actual URL contains, for example,
image sources in its own directory. The file names are not
sought relative to the current URL (apparently) -- the one
supplied by the "Location:" header -- but (perhaps?) to the
previous URL. So the images can't be found and either a
blank or an error icon results, depending on the browser.
The browser in this case is either a recent Mozilla or
Firefox browser. I have not tried this with IE which under
interdiction in the client's office anyway.

The HTTP 1.1 specification says,

14.30 Location

The Location response-header field is used to redirect the
recipient to a location other than the Request-URI for
completion of the request or identification of a new resource.
For 201 (Created) responses, the Location is that of the
new resource which was created by the request. For 3xx
responses, the location SHOULD indicate the server's preferred
URI for automatic redirection to the resource. The field
value consists of a single absolute URI.

Location = "Location" ":" absoluteURI

An example is:

Location: http://www.w3.org/pub/WWW/People.html

My usage (in the CGI program) has been to send the Location
response, e.g. "Location: /this/that/the.other.thing .html" in
response to "redirector.cgi ?xyz" coming from an HREF. I
notice the example has the full site name. I would prefer
to avoid this since the names of the sites involved might
change from time to time, necessitating the change of
configuration files and the checking thereof. For the time
being I can assume the location target will be on the same
site as the CGI.

It seems to me that the specification implies that, once
the browser has begun reading the page, it should use its
virtual path (/this/that/) as a prefix for any relative
src or href targets in the file. But maybe I'm doing something
wrong, or misunderstandin g the specification. Your comments
or ideas would be appreciated.

Clearly, there are schemes by which this problem can be
solved, such as reading the target page and rewriting the
href and src targets, but I would prefer not to go to all
that error-inviting trouble and just feed the location if
I can (and get the browser to read the relative links
correctly).

Dec 9 '05 #1

Subscribe Reply

2885

Philip Ronan

"G*rd*n" wrote:

The HTTP 1.1 specification says,

14.30 Location

... The field value consists of a single absolute URI.

Location = "Location" ":" absoluteURI

My usage (in the CGI program) has been to send the Location
response, e.g. "Location: /this/that/the.other.thing .html" in
response to "redirector.cgi ?xyz" coming from an HREF. I
notice the example has the full site name. I would prefer
to avoid this since the names of the sites involved might
change from time to time

So you realize that a partial URL is invalid content for a Location header,
but you still think you should carry on this way? This is just laziness on
your part.

I'm not aware of a single server scripting language that doesn't allow you
to find out the host name of the domain where the script is being executed.
(In PHP, fpr example, you can use $_SERVER["HTTP_HOST"]).

You've made a good start by reading the HTTP specification. Now try reading
the documentation of your server scripting language.

--
phil [dot] ronan @ virgin [dot] net
http://vzone.virgin.net/phil.ronan/

Dec 9 '05 #2

G*rd*n

> "G*rd*n" wrote:

The HTTP 1.1 specification says,

14.30 Location

... The field value consists of a single absolute URI.

Location = "Location" ":" absoluteURI
My usage (in the CGI program) has been to send the Location
response, e.g. "Location: /this/that/the.other.thing .html" in
response to "redirector.cgi ?xyz" coming from an HREF. I
notice the example has the full site name. I would prefer
to avoid this since the names of the sites involved might
change from time to time

Philip Ronan <in*****@invali d.invalid>: So you realize that a partial URL is invalid content for a Location header,
but you still think you should carry on this way? This is just laziness on
your part.

Laziness is supposed to be a virtue in programmers. I have
managed some enthusiastic programmers in the past and they
can get you in a _lot_ of trouble, although not in as much
trouble as enthusiastic lawyers.

However, laziness notwithstanding , I do need stuff to work.
Scripting is not a problem; the problem is my too-lazy guess
about what I could get away with in using the Location header.
I suppose the relative addresses I supplied should not have
worked at all. In any case, I will concoct absolute URIs as
defined in the HTTP specs and see if that works.

Thanks for your help.

I'm not aware of a single server scripting language that doesn't allow you
to find out the host name of the domain where the script is being executed.
(In PHP, fpr example, you can use $_SERVER["HTTP_HOST"]).

You've made a good start by reading the HTTP specification. Now try reading
the documentation of your server scripting language.

--
phil [dot] ronan @ virgin [dot] net
http://vzone.virgin.net/phil.ronan/

Dec 9 '05 #3

Nick Kew

Philip Ronan wrote:

My usage (in the CGI program) has been to send the Location
response, e.g. "Location: /this/that/the.other.thing .html" in
response to "redirector.cgi ?xyz" coming from an HREF. I
notice the example has the full site name. I would prefer
to avoid this since the names of the sites involved might
change from time to time

So you realize that a partial URL is invalid content for a Location header,

HTTP Location header, yes.

CGI Location header is different: there's no requirement to send the
full URL.

Confusing? Exactly:-)

--
Nick Kew

Dec 9 '05 #4

David Dorward

Nick Kew wrote:

CGI Location header is different: there's no requirement to send the
full URL.

Why? Does the CGI spec mandate munging of the header to an absolute URL? Do
the common CGI libraries do the munging for you?

--
David Dorward <http://blog.dorward.me .uk/> <http://dorward.me.uk/>
Home is where the ~/.bashrc is

Dec 9 '05 #5

G*rd*n

> >>My usage (in the CGI program) has been to send the Location

response, e.g. "Location: /this/that/the.other.thing .html" in
response to "redirector.cgi ?xyz" coming from an HREF. I
notice the example has the full site name. I would prefer
to avoid this since the names of the sites involved might
change from time to time

Philip Ronan wrote: So you realize that a partial URL is invalid content for a Location header,

Nick Kew <ni**@asgard.we bthing.com>: HTTP Location header, yes.

CGI Location header is different: there's no requirement to send the
full URL.

Confusing? Exactly:-)

According to http://cgi-spec.golux.com/issues-120-detailed.html:

# The "Location" header field and relative URIs

The Location response header field description doesn't conform to current practice as relative URLs
seem to be acceptable for redirects. (hmmm... I wonder if this is an HTTP/1.1 issue also). This
description limits the Location to use with GET/HEAD which is in conflict with HTTP/1.1.

[a reply:] Here's a grey area. The specification in this draft does not match that in the NCSA
documentation, which provides for limited local redirects internal to the server (they don't get
sent back to the client as a 'real' redirect). So that's a break with current practice that needs to
be fixed. On the other hand, the grey area starts forming because this is overloading an HTTP header
field (Location, which takes only an absoluteURI) with a CGI field that has different semantics
(Location, which can take an absoluteURI or a server-local URI [with some restrictions]). I'm not
sure how to handle this; perhaps define the CGI semantics but make a note that this is also the name
of an HTTP field with differing ones? Suggestions? I've discussed the overloading issue briefly with
Roy Fielding, and he remarked that it should be safe to avoid this sort of collision by naming CGI
header fields with a "CGI-" prefix.

Status:
Open

According to a great number of other pages purporting to tell
how to use the Location header from CGI, it's the same as the
HTTP Location header. W3C's page on CGI points to the above.

Dec 10 '05 #6

Alan J. Flavell

On Fri, 9 Dec 2005, G*rd*n wrote:

Philip Ronan <in*****@invali d.invalid>:
So you realize that a partial URL is invalid content for a
Location header, but you still think you should carry on this way?
This is just laziness on your part.
Laziness is supposed to be a virtue in programmers.

The Perl community has a rather good understanding of "laziness"
in this sense. It doesn't mean what many superficial commentators
suppose it to mean. I haven't worked out where you stand on that
question, so "no offence intended".
I have managed some enthusiastic programmers in the past and they
can get you in a _lot_ of trouble, although not in as much trouble
as enthusiastic lawyers.
The truly lazy programmer will save themself from unnecessary and
complicated debugging work by following the published specifications
whenever possible, instead of trying to "get away with it".

The original CGI spec has two defined variants of the *CGI* Location:
header:

1. an absolute external URL (leads to a 30x HTTP response and
a properly-specified *HTTP* Location: header)

2. an absolute URL path (i.e without any initial "http://"
part). This is required to be resolved internally by the
server, and will not result in any 30x response nor HTTP
Location: header.

Best place I know for current specification status is the
informational RFC http://www.ietf.org/rfc/rfc3875 , see section 6.3.2.

All else is a potential grey area - even if the spec were to be
clarified by trying to specify the behaviour of some subset of
that grey area, it wouldn't be binding on existing applications, so
the lazy programmer would do well to avoid pointless extra work by
confining themselves to the existing defined cases.
However, laziness notwithstanding , I do need stuff to work.

But first define "work", for cases where the interworking
specification does not say what's to happen. The usual sloppy answer
"does what I intended, with the software that I tried" would be
disqualified by any truly-lazy programmer.

IMHO, anyway

Dec 20 '05 #7

Similar topics

4440

header("Location:...") question

by: Stijn Goris | last post by:

Hi all, I have a question regarding the header function. I send a browser to a certain page (eg first.php ) wich sends no output to the browser. This page sends the browser to another page (eg second.php) with the header("Location:") function. second.php doesn't either send any output to the browser. The browser is then send to another page also with the header() function. Now my problem: I have to send user and password data...

PHP

6260

redirecting with header(Location:blah

by: Jeff | last post by:

I've been able to find this question on a Google group search but not the answer. Plus I'm a late convert to php transferring over from ASP. I hope this isn't too many strikes against me. When I issue a "header(Location:/myscript.php?key1=value1&key2=value2);" the redirect happens just fine but the url in the address field keeps the previous url instead of the url I passed in the header call. This seems to happen only with I.E....

PHP

5666

header('Location:') jump ignored?

by: Margaret MacDonald | last post by:

I'm seeing a problem that has me flummoxed. The only thing I can think of is that I'm violating some rule I don't know about. I have some code that does some processing and then does a header('Location: ...) jump to page A on success or falls through to the jump to page B. This is the code: if ( mysql_query( 'LOCK TABLES tableX WRITE', $link ) ) { mysql_query( $q, $link ) ; // store the record

PHP

1233

output sent and location header

by: chotiwallah | last post by:

there has been a thread about this topic a couple of days ago, but nothing was really solved there http://groups-beta.google.com/group/comp.lang.php/browse_thread/thread/69fbc90018c36198/d6148bd281577091?q=location+debug&rnum=1#d6148bd281577091 i just stumbled abou the same thing, so i take up the question again. i have a page that sends output (via session_start(), the cookie is there) and calls a location header afterwards. against...

PHP

2081

When I set the location property for a control, stack overflows

by: Will Pittenger | last post by:

I have a Control derived class. When the parent of the control changes the control's Location property, the stack overflows. I have not found a way to find out what was on the stack when it does overflow. All I know is that the program is either stopped due to an exception at the end of Main or has exited after the Stack Overflow exception. (Both cases are Debug builds running in the debugger.) After a lot of trial and error (mostly...

.NET Framework

3644

Aren't session variable preserved using "Header('Location: xxx')"?

by: lwoods | last post by:

I am trying to pass some info to another page on my site. I set "session_start()" in page 1, assign a session variable to a value, then execute a "header('Location: ....')." But on the target page I don't get any session variable values! BTW, I used a relative location in the Location header, not an absolute URL. The behavior looks like it started another session, but it should not have. Ideas? TIA,

PHP

8940

header ( ' Location .... with variable

by: Ladbroke | last post by:

Hiya, got a little prob with the syntax for header ( ' Location .... with variable). Usually examples are given with a complete URL, like: ..... header( 'Location: login/testsite/start.php' ); I'd like to use particular read out data from my database (URL) (variable $result).

PHP

5454

header(Location: $var) loops in IE

by: P-Rage | last post by:

Hello everyone, I was wondering what could possibly cause Internet Explorer 6 to loop a page usging a header(Location:) statement. For example, a page called 'page1.php': if((isset($_POST)) && ($name='valid')){ // insert some data into MySQL.

PHP

6134

php - header Location very slow

by: One | last post by:

Hi guys - I have a problem after a client clicks a Confirm button on a form - the form processes the data, inserts into a database, and then redirects using header Location. I have tested this on two different Linux/Apache servers. One works perfectly, the other takes about 90 seconds to redirect. Has anyone seen this issue before ? It uses a function like this :

PHP

8888

What is ONU?

by: marktang | last post by:

ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However, people are often confused as to whether an ONU can Work As a Router. In this blog post, we’ll explore What is ONU, What Is Router, ONU & Router’s main usage, and What is the difference between ONU and Router. Let’s take a closer look ! Part I. Meaning of...

General

8752

Changing the language in Windows 10

by: Hystou | last post by:

Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...

Windows Server

9401

Problem With Comparison Operator <=> in G++

by: Oralloy | last post by:

Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...

C / C++

9257

Maximizing Business Potential: The Nexus of Website Design and Digital Marketing

by: jinu1996 | last post by:

In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven tapestry of website design and digital marketing. It's not merely about having a website; it's about crafting an immersive digital experience that captivates audiences and drives business growth. The Art of Business Website Design Your website is...

Online Marketing

9174

The easy way to turn off automatic updates for Windows 10/11

by: Hystou | last post by:

Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For most users, this new feature is actually very convenient. If you want to control the update process,...

Windows Server

8096

AI Job Threat for Devs

by: agi2029 | last post by:

Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then launch it, all on its own.... Now, this would greatly impact the work of software developers. The idea...

Career Advice

6702

Access Europe - Using VBA to create a class based on a table - Wed 1 May

by: isladogs | last post by:

The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...

Microsoft Access / VBA

4782

Windows Forms - .Net 8.0

by: adsilva | last post by:

A Windows Forms form does not have the event Unload, like VB6. What one acts like?

Visual Basic .NET

2157

Comprehensive Guide to Website Development in Toronto: Expert Insights from BSMN Consultancy

by: bsmnconsultancy | last post by:

In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

General