Reputation: 36574
Does the Location header accept the // protocol notation?
Most if not all browsers support the following notation:
<script src="//domain.com/script.js">
The // notation means use the same protocol as the current one, i.e.:
http://domain.com/script.jsif the current page has been served over HTTPhttps://domain.com/script.jsif the current page has been served over HTTPS
This notation works with other HTML tags as well: <a>, <link>, etc.
Is this notation also valid for the Location header?
For example, is it valid to reply this:
HTTP/1.0 301 Moved Permanently
Location: //domain.com/other-resource
Upvotes: 3
Views: 1036
Answers (3)
Reputation: 22089
A URL starting with // is an example of a relative URL.
The Location-header needs an absolute URL, which means the answer you are looking for unfortunately is: no, it's not supported.
This is specified in Section 14.30 of RFC2616 on HTTP/1.1:
The field value consists of a single absolute URI.
Edit: But please consider the comments attached to this answer. My answer should maybe have been qualified by "according to the currently accepted published standard" or something. I am not the one to ask about what exists in reality ;)
Upvotes: 1
Reputation: 42045
It is not valid per RFC 2616, but it works in practice and is valid in the current revision of HTTP/1.1 (see http://svn.tools.ietf.org/svn/wg/httpbis/specs/rfc7231.html#rfc.section.7.1.2)
Upvotes: 0
Reputation: 72682
No that is not valid. Neither does it really make that much sense:
The Location response-header field is used to redirect the recipient to a location other than the Request-URI for completion of the request or identification of a new resource. For 201 (Created) responses, the Location is that of the new resource which was created by the request. For 3xx responses, the location SHOULD indicate the server's preferred URI for automatic redirection to the resource. The field value consists of a single absolute URI.
http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html#sec14.30
If you know there is an secure URL available why would it matter what protocol the current page uses?
Upvotes: 1
Related Questions
- Is the use of Location header in HTTP 202 response RFC-compliant?
- Can HTTP headers contain colons in the field value?
- What is the purpose of the HTTP header field “Content-Location”?
- Why are web protocols designed to have :// suffix?
- Forward slashes in http protocol declaration in URL
- For which 3xx HTTP codes is the Location header mandatory?
- The "//" in "http://"
- Do HTTP paths have to start with a slash?
- Is the Location Header Ignored for Specific HTTP Response Codes?
- Web: is the convention "//mywebsite.com/mypage" with "//" a standard?