302 Found is another misunderstood status code. The intent of this
status is to tell the client that the resource they tried to access is
temporarily hosted somewhere else.
Because the change is temporary, the client shouldn’t update its own links
to the new location but keep hitting the endpoint that sent the
case something changed.
302 is misused in two ways. Like
301 Moved Permanently, the
original intent of the specification was if a client hits a url and sees the
302, it should repeat the exact same request on the new location.
Browsers don’t do this, and tend to convert
POST requests to
GET. As a
result, the specifications now state that you no longer can count on clients
to do the same request on the
Location target, and
307 Temporary Redirect was introduced.
307 requires the client to
do use the same HTTP method.
The ‘incorrect’ usages is so widespread it makes more sense to consider this implicitly the ‘standard’.
Many HTTP / Web frameworks will actually now default to
302 for redirects
POST request. The meaning frameworks intent to the client is:
POSTrequest succeeded, now redirect the browser to this new location to see the result.”
- RFC7231, Section 6.4.3 - 302 Found