302 Found

302 Found is another misunderstood status code. The intent of this status is to tell the client that the resource they tried to access is temporarily hosted somewhere else.

Because the change is temporary, the client shouldn’t update its own links to the new location but keep hitting the endpoint that sent the 302 in case something changed.

The 302 is misused in two ways. Like 301 Moved Permanently, the original intent of the specification was if a client hits a url and sees the 302, it should repeat the exact same request on the new location.

Browsers don’t do this, and tend to convert POST requests to GET. As a result, the specifications now state that you no longer can count on clients to do the same request on the Location target, and 307 Temporary Redirect was introduced. 307 requires the client to do use the same HTTP method.

The ‘incorrect’ usages is so widespread it makes more sense to consider this implicitly the ‘standard’.

Many HTTP / Web frameworks will actually now default to 302 for redirects after a POST request. The meaning frameworks intent to the client is:

“The POST request succeeded, now redirect the browser to this new location to see the result.”

It’s a valid use-case, but there is actually a different HTTP status that was specifically intended to fulfill this use-case: 303 See Other, which is actually supported by every browser.

References

HTTP series

This article is part of an ongoing series about the HTTP protocol.

If you want to follow along as I write them, you can Subscribe to my Atom feed or Mailing list.

Archive

Web mentions