Improve note on HttpClientHandler.AllowAutoRedirect (#11110)

antonfirsov · web-flow · commit 22e3caef297d · 2025-03-26T19:31:50.000+01:00
- Turn around the paragraph, emphasizing the modern behavior
- Harmonize language on .NET Core / .NET 5+ with the rest of HttpClient docs
diff --git a/xml/System.Net.Http/HttpClientHandler.xml b/xml/System.Net.Http/HttpClientHandler.xml
@@ -138,8 +138,8 @@
  If you are using cookies by specifically adding them to the <xref:System.Net.Http.HttpRequestMessage.Headers> collection, these are not cleared when a redirect is followed, as the handler has no way of knowing what domain a cookie is allowed for. If you want to mimic browser behavior, use the <xref:System.Net.CookieContainer> class which allows you to specify the target domain for a cookie.
 
 > [!NOTE]
->  With <xref:System.Net.Http.HttpClientHandler.AllowAutoRedirect%2A> set to `true`, the .NET Framework will follow redirections even when being redirected to an HTTP URI from an HTTPS URI.
-.NET Core versions 1.0, 1.1 and 2.0 will not follow a redirection from HTTPS to HTTP even if <xref:System.Net.Http.HttpClientHandler.AllowAutoRedirect%2A> is set to `true`.
+> On .NET Core and .NET 5 and later versions, setting <xref:System.Net.Http.HttpClientHandler.AllowAutoRedirect> to `true` **does not enable** automatic redirection to an HTTP URI from an HTTPS URI.
+> Such (secure to insecure) redirections are only followed on .NET Framework.
 
  ]]></format>
         </remarks>
