Best IT Recipes

Update HTTP Header

I automate a web application (Mantis bug tracking) and I get from it an interesting response header called Refresh:

HTTP/1.x 200 OK ... Refresh: 0;url=my_view_page.php

It seems to act just like meta refresh , and the meta-processing method means that it is the equivalent of a header in HTTP.

The problem is that I cannot find a mention of the Refresh header in the HTTP standard or any other final documentation about how it should be parsed and what the browser should do when it encounters it.

What's going on here?

+55
Nov 12 '08 at 12:10
source share
5 answers

As far as I know, Refresh (along with Set-Cookie and possibly some other proprietary pseudo-headers) were created by Netscape in the earliest days of the Internet and have been mostly (but not quite) standard since then. Since almost every browser supports it, Refresh is pretty safe to use - and usually that.

I think it never became part of official standards, because they already had provisions for this with status.

+50
Nov 12 '08 at 12:27
source

from the specification W3C HTML 4.01, quote:

META and HTTP Headers

The http-equiv attribute can be used instead of the name attribute and is of particular importance when documents are retrieved via the Hypertext Transfer Protocol (HTTP). HTTP servers can use the property name specified by the http-equiv attribute to create the [RFC822] header in the HTTP response. For more information on valid HTTP headers, see the HTTP specification ([RFC2616]).

This means that when you use the <meta http-equiv="refresh" url="..."/> you are actually instructing the browser to act as if the Refresh header was sent.

A good overview of the history can be found at http://www.securiteam.com/securityreviews/6Z00320HFQ.html

+18
Nov 12 '08 at 12:20
source

According to Wikipedia: Redirect URL :

This is a proprietary / non-standard Netscape extension. It is supported by most web browsers.

+12
Nov 12 '08 at 12:28
source

I believe this was originally a Netscape extension and was not standardized because it was deprecated by W3C:

http://www.w3.org/TR/WCAG10-HTML-TECHS/#meta-element

+5
Nov 12 '08 at
source

This is probably a Microsoft extension for HTTP; at least they suggest using it on HOW: Enable client porting for web servers, sites and folders and seems to confirm the meta-ad syntax.

-four
Nov 12 '08 at 12:25
source


More articles:


All Articles