tags:

views:

1490

answers:

5
+3  Q: 

'Refresh' HTTP header

I'm automating a web application (the Mantis bug tracker) and I'm getting an interesting response header from it, called Refresh:

HTTP/1.x 200 OK
...
Refresh: 0;url=my_view_page.php

It seems to be acting the same way that meta refresh does, and the meta refresh technique implies that it is an equivalent of a header in HTTP.

Problem is, I can't find any mention of the Refresh header in the HTTP standard or any other definitive documentation on how it should be parsed and what the browser should do when it encounters it.

What's going on here?

+5  A: 

from the W3C HTML 4.01 specification, quote:

META and HTTP headers

The http-equiv attribute can be used in place of the name attribute and has a special significance when documents are retrieved via the Hypertext Transfer Protocol (HTTP). HTTP servers may use the property name specified by the http-equiv attribute to create an [RFC822]-style header in the HTTP response. Please see the HTTP specification ([RFC2616]) for details on valid HTTP headers.

What this means is that when you use the <meta http-equiv="refresh" url="..."/> tag, you are actually instructing the browser to act as if there were a Refresh header being sent.

a good overview of the history of it can be found at http://www.securiteam.com/securityreviews/6Z00320HFQ.html

Lokkju  2008-11-12 12:20:11
I know http-equiv is the same as sending an HTTP header. What I wanted to know was where the HTTP Refresh header came from and where it's documented.
gooli  2008-11-12 12:24:49
A: 

It is probably a Microsoft extension to HTTP; at least they suggest its use on HOW TO: Enable Client Pull for Web Servers, Sites, and Folders and it seems to confirm to the meta refresh syntax.

divideandconquer.se  2008-11-12 12:25:07
+6  A: 

As far as I know, Refresh (along with Set-Cookie and possibly some other proprietary pseudo-headers) were created by Netscape in the very early days of the internet and have been basically (but not quite) standard since then. Because just about every browser supports it, Refresh is pretty safe to use -- and commonly is.

I guess it never became part of the official standards because they already had provisions for that with the status codes.

Alistair  2008-11-12 12:27:26
Yep. It was created to support ‘client pull’, back in the Netscape 1.1 days when ‘client pull’ and ‘server push’ were super duper new buzzwords and adding random vomitously-broken ‘HTML extensions’ was positively demanded. IE-haters: Microsoft have nothing on Netscape...
bobince  2008-11-12 12:48:14
+2  A: 

According to Wikipedia: URL Redirection:

This is a proprietary/non-standard extension by Netscape. It is supported by most web browsers.

Greg  2008-11-12 12:28:53
+1  A: 

I believe it was originally a Netscape extension, and was not standardised because it's deprecated by W3C:

http://www.w3.org/TR/WCAG10-HTML-TECHS/#meta-element

Alnitak  2008-11-12 12:29:05

related questions

Retrieving HTTP status code from loaded iframe with Javascript
How to specify an authenticated proxy for a python http connection?
Why does HttpCacheability.Private suppress ETags?
How to respond to an alternate URI in a RESTful web service
Is there a reason to use BufferedReader over InputStreamReader when reading all characters?
What would be a good, windows and iis (http) based distributed version control system
Database query representation impersonating file on Windows share?
How do I use NTLM authentication with Active Directory
Process raw HTTP request content
How would you implement FORM based authentication without a backing database?
Reading "chunked" response with HttpWebResponse
Best way to let users download a file from my website: http or ftp
How do I convert a date to a HTTP-formatted date in .Net / C#
What is the best way to upload a file via an HTTP POST with a web form?
How do I stop IIS7 dropping my cookies?
Checking FTP status codes with a PHP script.
HTTP Libraries for Emacs
Accessing post variables using Java Servlets
HTTP: Generating ETag Header
HTTP: How to know when to send a 304 Not Modified response
How do I best detect an ASP.NET expired session?
How can I make the browser see CSS and Javascript changes?
How to curl or wget a web page?
The Definitive Guide To Website Authentication
Implementation of "Remember me" in a Rails application.