                                        
                                   * * * * *
                                        
                  How many redirects does your browser follow?
                                        
An observation [1] on the Gemini [2] mailing list [3] led me down a very
small rabbit hole. I recalled at one time that a web browser was only
supposed to follow five consecutive redirects, and sure enough, in RFC
(Request For Comments)-2068 (Hypertext Transfer Protocol – HTTP/1.1) [4]:

> 10.3 Redirection 3xx
> 
> This class of status code indicates that further action needs to be taken
> by the user agent in order to fulfill the request. The action required MAY
> be carried out by the user agent without interaction with the user if and
> only if the method used in the second request is GET or HEAD. A user agent
> SHOULD NOT automatically redirect a request more than 5 times, since such
> redirections usually indicate an infinite loop.
> 

“Hypertext Transfer Protocol -- HTTP/1.1 [5]”

But that's an old standard from 1997. In fact, the next revision, RFC-2616
(Hypertext Transfer Protocol – HTTP/1.1) [6], updated this section:

> 10.3 Redirection 3xx
> 
> This class of status code indicates that further action needs to be taken
> by the user agent in order to fulfill the request. The action required MAY
> be carried out by the user agent without interaction with the user if and
> only if the method used in the second request is GET or HEAD. A client
> SHOULD detect infinite redirection loops, since such loops generate network
> traffic for each redirection.
> 
> Note: previous versions of this specification recommended a maximum of five
> redirections. Content developers should be aware that there might be
> clients that implement such a fixed limitation.
> 

“Hypertext Transfer Protocol -- HTTP/1.1 [7]”

And subsequent updates have kept that language. So it appears that clients
SHOULD NOT (using language from RFC-2119 (Key words for use in RFCs to
Indicate Requirement Levels) [8]) limit itself to just five times, but still
SHOULD detect loops. It seems like this was changed due to market pressure
from various companies and I think the practical limit has gone up over the
years.

I know the browser I use, Firefox [9], is highly configurable and decided to
see if its configuration [10] included a way to limit redirections. And lo',
it does! The option network.http.redirection- limit exists, and the current
default value is “20”. I'm curious to see what happens if I set that to “5”.
I wonder how many sites will break?

[1] https://lists.orbitalfox.eu/archives/gemini/2019/000201.html
[2] gopher://zaibatsu.circumlunar.space:70/1/~solderpunk/gemini
[3] https://lists.orbitalfox.eu/listinfo/gemini
[4] https://www.ietf.org/rfc/rfc2068.txt
[5] https://www.ietf.org/rfc/rfc2068.txt
[6] https://www.ietf.org/rfc/rfc2616.txt
[7] https://www.ietf.org/rfc/rfc2616.txt
[8] https://www.ietf.org/rfc/rfc2119.txt
[9] https://www.mozilla.org/
[10] about:config

Email author at sean@conman.org

.