2009/8/28 Martin Scotta <martinscotta@xxxxxxxxx>: > On Fri, Aug 28, 2009 at 10:39 AM, Ashley Sheridan > <ash@xxxxxxxxxxxxxxxxxxxx>wrote: > >> On Fri, 2009-08-28 at 10:34 -0300, Martin Scotta wrote: >> > Actually there aren't a safe way to make a redirect.... >> > >> > We have 4 alternatives (correct me if I miss anything) to do a safe >> > redirection. >> >> Erm wtf?! >> >> The best bet is always going with a header() redirect. The only time >> I've seen that fail is when the developer of the PHP script has made a >> mistake. The browser should always honor this type of redirect, and you >> have none of the issues with Javascript turned off, browser plugins >> blocking redirects, or stupid users etc. >> >> Thanks, >> Ash >> http://www.ashleysheridan.co.uk >> >> >> >> > What you are is truth if it only applies to computer browsers. > There are many "clients" where the Location header don't work. > > Curl is a good example, you can determine to follow the Redirect or just > skip it. > curl_setopt($curl, CURLOPT_FOLLOWLOCATION, false) > > Another example could be mobile phones, especially wml based, do not follow > a redirection and you have to provide a "click here to redirect" link and > relies on the user to follow the redirection. > > Do not trust that your client is always a browser. It could be anything that > can open a connection and send a request. > > Also you can't know who is at the other side. The client can provide fake > UA, IP, everything... or can't send anything but the need to make a valid > request. In the realm of assumptions made by developers, that the client understands and will correctly process a 301/302 response is one of the safer assumptions. It's certainly safer than assuming the client will respect a meta tag or javascript. If you really try to deal with every possible client to that extent you'll never ship anything. Yes it's important to be as supportive as possible, but care should be taken to pick the battles that are worth fighting. -Stuart -- http://stut.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
