Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Redirect from POST to GET preserves body #1617

Open
jordi-farre opened this issue Nov 30, 2021 · 3 comments
Open

Redirect from POST to GET preserves body #1617

jordi-farre opened this issue Nov 30, 2021 · 3 comments

Comments

@jordi-farre
Copy link

I'm using ratpack HTTP client to make a POST call to a service:

  1. A make a POST call to an external service with the body.
  2. The external service returns a 302 HTTP status code with a URL to be redirected.
  3. Ratpack HTTP client makes a GET call to the URL returned in the redirect, but it preserves the body from the original POST request.

I made a test to check it:

https://github.com/jordi-farre/ratpack/commit/feccd3594bc60ad1df31bfb827c3069403fa8650

Is this the desired behavior? If you think this is an unexpected behavior I'm happy to contribute to fix it.

@alexfdz
Copy link

alexfdz commented Dec 23, 2021

Going through the same with HTTP requests going through AWS Cloudfront.

@alexfdz
Copy link

alexfdz commented Dec 23, 2021

Looks like there is a fix proposed here #1618

@johnrengelman
Copy link
Member

Doing some reading on the history of HTTP redirects codes (https://insanecoding.blogspot.com/2014/02/http-308-incompetence-expected.html), I don't believe our semantics (or even the proposed changes) are correct or consistent with the RFCs. Today we are treating 301/302 as the behavior that 303 specifies, however that is not correct. 301, 302, and 307 should preserve the method type. 303 should change the method to GET. However, many user-agents have implemented 302 with 303 semantics (thus why 303 was introduced), so it's best just to avoid the use of 302.

| 301  | Permanent Redirect.                 | Permanent | No              |
| 302  | Temporary Redirect, misused often.  | Temporary | Only by mistake |
| 303  | Process and move on.                | Temporary | Yes             |
| 307  | The true 302!                       | Temporary | No              |
| 308  | Resume Incomplete, see below.       | Temporary | No      

More information in this SO post - https://stackoverflow.com/questions/4764297/difference-between-http-redirect-codes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants