Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Improve note on HttpClientHandler.AllowAutoRedirect #11110

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
+2 −2
Open

Improve note on HttpClientHandler.AllowAutoRedirect #11110

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions xml/System.Net.Http/HttpClientHandler.xml
View file
Original file line number Diff line number Diff line change
@@ -138,8 +138,8 @@
If you are using cookies by specifically adding them to the <xref:System.Net.Http.HttpRequestMessage.Headers> collection, these are not cleared when a redirect is followed, as the handler has no way of knowing what domain a cookie is allowed for. If you want to mimic browser behavior, use the <xref:System.Net.CookieContainer> class which allows you to specify the target domain for a cookie.
> [!NOTE]
> With <xref:System.Net.Http.HttpClientHandler.AllowAutoRedirect%2A> set to `true`, the .NET Framework will follow redirections even when being redirected to an HTTP URI from an HTTPS URI.
.NET Core versions 1.0, 1.1 and 2.0 will not follow a redirection from HTTPS to HTTP even if <xref:System.Net.Http.HttpClientHandler.AllowAutoRedirect%2A> is set to `true`.
> On .NET Core, .NET 5 and later versions setting <xref:System.Net.Http.HttpClientHandler.AllowAutoRedirect%2A> to `true` **does not enable** automatic redirection to an HTTP URI from an HTTPS URI.
> Such (secure to insecure) redirections will be only followed on .NET Framework.
Comment on lines +141 to +142
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
> On .NET Core, .NET 5 and later versions setting <xref:System.Net.Http.HttpClientHandler.AllowAutoRedirect%2A> to `true` **does not enable** automatic redirection to an HTTP URI from an HTTPS URI.
> Such (secure to insecure) redirections will be only followed on .NET Framework.
> On .NET Core and .NET 5 and later versions, setting <xref:System.Net.Http.HttpClientHandler.AllowAutoRedirect> to `true` **does not enable** automatic redirection to an HTTP URI from an HTTPS URI.
> Such (secure to insecure) redirections are only followed on .NET Framework.

]]></format>
</remarks>