Difference between HTTP redirect codes
The differences between the various HTTP 3XX redirect codes are not clear to me. Yes, I've read the spec, but there seems to be some discrepancy between the standard and actual practice here.
The 301
redirect code seems clear enough: This means the resource was permanently moved to another URI, and future requests should use that URI.
And the 307
redirect code also seems clear: it means the redirect is temporary, and future requests should still use the original URI.
But I can't tell what the difference is between 302
and 303
, or why either of them are really different from 301
. It seems that 302
was originally intended to be a temporary redirect, (like 307
), but in practice, most browsers treated it like a 303
. But what's the difference between a 303
and a 301
? Is 301
supposed to mean the redirect is more permanent?
Solution 1:
- 301: Permanent redirect. Clients making subsequent requests for this resource should use the new URI. Clients should not follow the redirect automatically for POST/PUT/DELETE requests.
- 302: Redirect for undefined reason. Clients making subsequent requests for this resource should not use the new URI. Clients should not follow the redirect automatically for POST/PUT/DELETE requests.
- 303: Redirect for undefined reason. Typically, 'Operation has completed, continue elsewhere.' Clients making subsequent requests for this resource should not use the new URI. Clients should follow the redirect for POST/PUT/DELETE requests, but use GET for the follow-up request.
- 307: Temporary redirect. Resource may return to this location at a later point. Clients making subsequent requests for this resource should use the old URI. Clients should not follow the redirect automatically for POST/PUT/DELETE requests.
I personally recommend avoiding 302 if you have the choice. Many clients do not follow the spec when they encounter a 302. For temporary redirects, you should use either 303 or 307, depending on what type of behavior you want on non-GET requests. Prefer 307 to 303 unless you need the alternate behavior on POST/PUT/DELETE.
Solution 2:
The difference between 303 and 307 is this:
303: See other. The request is received correctly, but the results should be retrieved using a GET on the redirect url.
307: Temporary redirect. The entire request should be redirected to the new url. Any post data should be re-posted.
Note that 302 was intended to have the behavior of 307, but most browsers implemented it as the behavior of 303 (both of which didn't exist back then). Therefore, those two new codes were introduced to replace 302.
The difference between 301 and 303:
301: The document is moved. Future requests should use the new url. This url is obsolete.
Note: Be careful with this code. Browsers and proxies tend to apply really agressive caching on it, so if you reply with a 301 it might take a long while for someone to revisit that url.
303: The request is received correctly. Any PUT requests are processed. The resulting document can be retrieved from the redirect url. Future request should still go to the original url.