WordPress.org

Make WordPress Core

Opened 8 years ago

Closed 7 years ago

#4790 closed defect (bug) (wontfix)

Tracback should 301 redirect instead of 302

Reported by: joostdevalk Owned by:
Milestone: Priority: normal
Severity: minor Version: 2.3
Component: XML-RPC Keywords: has-patch
Focuses: Cc:

Description

If someone opens a trackback url without actually sending a trackback, he is redirected to the original post. That redirect is a 302 redirect. This causes all kinds of issues as links to the trackback URL are included in many themes by default, search engines follow these links and search engines can't really handle the 302 redirect well.

Since opening a trackback URL with a normal browser is never meant to give you anything, it's quite safe to make the 302 into a 301 redirect.

I have tested this fix and have found it to work perfectly.

Attachments (2)

trackback-redirect.diff (390 bytes) - added by joostdevalk 8 years ago.
Patch
trackback-redirect.2.diff (390 bytes) - added by JoostdeValk 8 years ago.
Patch 2

Download all attachments as: .zip

Change History (17)

@joostdevalk8 years ago

Patch

comment:1 @joostdevalk8 years ago

  • Keywords commit removed

The commit bit was a bit too early perhaps :P

comment:2 @JeremyVisser8 years ago

  • Keywords commit added
  • Severity changed from normal to minor

Nope, looks good.

comment:3 @matt8 years ago

  • Resolution set to wontfix
  • Status changed from new to closed

The redirect is basically an error condition, not browser detection. I don't think sending a permanent redirect is the right thing to do, because it's not a permanent condition and shouldn't be cached by, for example, proxies.

comment:4 @joostdevalk8 years ago

  • Resolution wontfix deleted
  • Status changed from closed to reopened

Then you shoudl send a 404, and not a 302. A 302 says the content is to be found elsewhere, which is not true.

comment:5 @JoostdeValk8 years ago

  • Keywords 2nd-opinion added; has-patch commit removed

comment:6 @markjaquith8 years ago

  • Milestone changed from 2.3 to 2.4 (next)

301 is not correct. 404 is not correct either.

303 is a possibility.


303 See Other

The response to the request can be found under a different URI and SHOULD be retrieved using a GET method on that resource. This method exists primarily to allow the output of a POST-activated script to redirect the user agent to a selected resource. The new URI is not a substitute reference for the originally requested resource. The 303 response MUST NOT be cached, but the response to the second (redirected) request might be cacheable.

The different URI SHOULD be given by the Location field in the response.


No proxy issues here, as 303s shouldn't be cached. And it doesn't imply that the redirected URL is a substitute for the original URL.

comment:7 @JoostdeValk8 years ago

Sounds good to me! Adding a new patch.

@JoostdeValk8 years ago

Patch 2

comment:8 @joostdevalk8 years ago

  • Keywords has-patch added; 2nd-opinion removed

comment:9 @Otto428 years ago

303 is the correct way to do this, I say commit it.

For reference, the 300 codes work like this (under HTTP 1.1) :

  • 300 Multiple Choices (like if you offer different languages.. not used much)
  • 301 Moved Permanently (obvious)
  • 302 Found (temporary redirect - deprecated in favor of 303 and 307)
  • 303 See Other (redirection to be used after a successful POST, user agent should do a GET on the redirected URL)
  • 304 Not Modified (user agent did a conditional GET but the document was not changed since the time given)
  • 305 Use Proxy (the URL must be accessed through a proxy, the Location: gives the proxy that must be used)
  • 306 Unused
  • 307 Temporary Redirect (a real temporary redirection, a user agent doing a POST should do a repost to the new URL.. often causes the browser to ask the user for confirmation to do that)

comment:10 @Otto428 years ago

Actually, on thinking about it, the correct way is not so obvious. A 301 is correct for a browser, who didn't actually send any sort of trackback, but a 303 is correct for a system actually sending a trackback. Perhaps there needs to be some more robust handling here.

comment:11 @joostdevalk8 years ago

  • Cc joostdevalk added

how do you mean "robust"?

comment:12 @Otto428 years ago

After looking at it closer, I see that a successful trackback already sends back a 200 response (with some XML stuffs). The redirect response only occurs when you use a browser (or other user agent that is not actually doing a trackback).

Given this, and the fact that the trackback specification makes no mention of what to do when trackbacks URIs are called without the corresponding trackback POST data, I would have to say that 301 is the correct response. Redirect the agent to the original post, and 301 will make search engines ignore those URLs in favor of the post URLs.

A 303 will not solve the search engine problem, and is arguably the wrong thing to do when you're not redirecting from a script that accepted valid input. A 302/307 doesn't solve the search engine problem either. The 301 solves the search engine problem, even if it does imply that the trackback URL is no longer valid. It won't affect actual trackback agents, since you're not sending them the 301 at all.

+1 for 301.

comment:13 @markjaquith8 years ago

301 is cacheable (for instance, by proxies). If someone clicks a trackback URL link through a proxy and then someone through that same proxy tries to send a trackback, the 301 from before might be cached, and the Trackback might fail. It also suggests that the new URL is a substitute reference for the requested URL. It is not.

307 is also incorrect because it suggests that the new URL is a substitute reference for the requested URL.

302 has the same problem.

405 is a really specific match, but doesn't allow us to do a redirect (PHP sends a 302 if you try), so that loses because of user-unfriendliness

303 is the only one that allows the redirect but does not suggest that the redirected URL is a substitute for the original URL.

But in any case, this is going to have to miss the 2.3 boat. We can resume discussion once 2.3 is branched off next month.

comment:14 @westi7 years ago

(In [7319]) Allow plugins to filter the redirect status as well as the location. See #4790.

comment:15 @westi7 years ago

  • Milestone 2.5 deleted
  • Resolution set to wontfix
  • Status changed from reopened to closed

Closing as WONTFIX.

  • Changing to 301 is not possible due to the caching issues.
  • Changing to 307 is incorrect as mark has already said.
  • Changing to 303 doesn't help a search engine so doesn't improve the issue raised.

I have added a filter to the status which will allow a plugin to override it for those people who want a different HTTP status in this or another redirect case.

Note: See TracTickets for help on using tickets.