* * * * * How many redirects does your browser follow? An observation [1] on the Gemini [2] mailing list [3] led me down a very small rabbit hole. I recalled at one time that a web browser was only supposed to follow five consecutive redirects, and sure enough, in RFC (Request For Comments)-2068 (Hypertext Transfer Protocol – HTTP/1.1) [4]: > 10.3 Redirection 3xx > > This class of status code indicates that further action needs to be taken > by the user agent in order to fulfill the request. The action required MAY > be carried out by the user agent without interaction with the user if and > only if the method used in the second request is GET or HEAD. A user agent > SHOULD NOT automatically redirect a request more than 5 times, since such > redirections usually indicate an infinite loop. > “Hypertext Transfer Protocol -- HTTP/1.1 [5]” But that's an old standard from 1997. In fact, the next revision, RFC-2616 (Hypertext Transfer Protocol – HTTP/1.1) [6], updated this section: > 10.3 Redirection 3xx > > This class of status code indicates that further action needs to be taken > by the user agent in order to fulfill the request. The action required MAY > be carried out by the user agent without interaction with the user if and > only if the method used in the second request is GET or HEAD. A client > SHOULD detect infinite redirection loops, since such loops generate network > traffic for each redirection. > > Note: previous versions of this specification recommended a maximum of five > redirections. Content developers should be aware that there might be > clients that implement such a fixed limitation. > “Hypertext Transfer Protocol -- HTTP/1.1 [7]” And subsequent updates have kept that language. So it appears that clients SHOULD NOT (using language from RFC-2119 (Key words for use in RFCs to Indicate Requirement Levels) [8]) limit itself to just five times, but still SHOULD detect loops. It seems like this was changed due to market pressure from various companies and I think the practical limit has gone up over the years. I know the browser I use, Firefox [9], is highly configurable and decided to see if its configuration [10] included a way to limit redirections. And lo', it does! The option network.http.redirection- limit exists, and the current default value is “20”. I'm curious to see what happens if I set that to “5”. I wonder how many sites will break? [1] https://lists.orbitalfox.eu/archives/gemini/2019/000201.html [2] gopher://zaibatsu.circumlunar.space:70/1/~solderpunk/gemini [3] https://lists.orbitalfox.eu/listinfo/gemini [4] https://www.ietf.org/rfc/rfc2068.txt [5] https://www.ietf.org/rfc/rfc2068.txt [6] https://www.ietf.org/rfc/rfc2616.txt [7] https://www.ietf.org/rfc/rfc2616.txt [8] https://www.ietf.org/rfc/rfc2119.txt [9] https://www.mozilla.org/ [10] about:config Email author at sean@conman.org .