After a POST, should I do a 302 or a 303 redirect?

 

A common scenario for a web app is to redirect after a POST that modifies the database. Like redirecting to the newly created database object after the user creates it.

It seems like most web apps use 302 redirects, but 303 seems to be the correct thing to do according to the specification if you want the url specified in the redirect to be fetched with GET. Technically, with a 302, the browser is supposed to fetch the specified url with the same method that the original url was fetched with, which would be POST. Most browsers don't do that though.

302 - http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.3

303 - http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.4

So should I be using 302 or 303?

Depends.
303 and 307 responses were added in HTTP1.1.
So client agents that are strictly compliant to HTTP1.1 RFC should be fine with a 303 response.
But there can be agents that are not fully conformant or are HTTP1.0 compliant and will not be able to handle the 303.
So to be sure that the response of your application can be handled gracefully by the majority of client implementations I think 302 is the safest option.
Excerpt from RFC-2616:

Note: Many pre-HTTP/1.1 user agents do not understand the 303 status. When interoperability with such clients is a concern, the 302 status code may be used instead, since most user agents react to a 302 response as described here for 303.

The correct one is 303.

I use it and haven't found any compatibility problems with UAs newer than Netscape 4 (1998, released 17 years ago ).

If you use 302, you're risking that UA will re-send POST to the new URL instead of switching to GET.

Still, if you're worried about HTTP/1.0 clients (which don't support vhosts and probably won't be able to access your page anyway) then you should include HTML with link to the new page in body of the 303 response (web servers like Apache do that already).

In most server-side languages the default redirection mechanism uses 302:

  • Java response.sendRedirect(..) uses 302
  • ASP.NET response.Redirect(..) uses 302
  • PHP header("Location: ..") uses 302
  • RoR redirect_to uses 302
  • etc..

    • So I'd prefer this, rather than setting status and headers manually.

    链接地址: http://www.djcxy.com/p/7926.html

    上一篇: 什么是http

    下一篇: POST后,我应该做一个302或303重定向?