On 08.12.2016 at 18:53, Ryan Pallas wrote:
> On Thu, Dec 8, 2016 at 10:40 AM, Christoph M. Becker <cmbecker69@xxxxxx>
> wrote:
>
>> On 08.12.2016 at 17:30, Tedd Sperling wrote:
>>
>>> Hi gang:
>>>
>>> For several years I have had an example of a redirect working on my
>> college’s Server for my students to review.
>>>
>>> The code is simple:
>>>
>>> header ("Location:$where");
>>> exit(0);
>>>
>>> The $where is URL’s such as “amazon.com” coming from a POST:
>>>
>>> $where = isset($_POST['where']) ? $_POST['where'] : null;
>>>
>>> Like I said, this has worked for years and now it doesn’t.
>>>
>>> I suspect something has changed in the school’s Server, but I don’t know
>> what that may be.
>>>
>>> Any ideas as to why and how to fix it?
>>
>> Have you checked that no output has been generated before these lines
>> are executed? Even a single space could stop the headers from being
>> sent. I suggest you enable error_reporting, and check the respective
>> log file; there you might find something like "Cannot send headers.
>> Headers already sent".
>
> If having passed that check, have you verified the header isn't returned?
> If it is, the browser may not be respecting it, because according to the
> specification[1] "The field value consists of a single absolute URI", and
> the string "amazon.com" does not validate as an absolute URI according to
> the specs for that[2] which states "absoluteURI = scheme ":" *( uchar |
> reserved )".
Good catch! Note, however, that RFC 7231 which obsoletes RFC 2616 has
relaxed this:
Location = URI-reference
Still, `amazon.com` would not be valid according to the spec.
Cheers,
Christoph
> [1] - https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.30
> [2] - https://www.w3.org/Protocols/HTTP/1.0/spec.html#URI
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
