September 25, 2018

302 Found

302 Found is another misunderstood status code. The intent of this status is to tell the client that the resource they tried to access is temporarily hosted somewhere else.

Because the change is temporary, the client shouldn’t update its own links to the new location but keep hitting the endpoint that sent the 302 in case something changed.

The 302 is misused in two ways. Like 301 Moved Permanently, the original intent of the specification was if a client hits a url and sees the 302, it should repeat the exact same request on the new location.

Browsers don’t do this, and tend to convert POST requests to GET. As a result, the specifications now state that you no longer can count on clients to do the same request on the Location target, and 307 Temporary Redirect was introduced. 307 requires the client to do use the same HTTP method.

The ‘incorrect’ usages is so widespread it makes more sense to consider this implicitly the ‘standard’.

Many HTTP / Web frameworks will actually now default to 302 for redirects after a POST request. The meaning frameworks intent to the client is:

“The POST request succeeded, now redirect the browser to this new location to see the result.”

It’s a valid use-case, but there is actually a different HTTP status that was specifically intended to fulfill this use-case: 303 See Other, which is actually supported by every browser.

References

RFC7231, Section 6.4.3 - 302 Found

HTTP series

This article is part of a series about the HTTP protocol. Read them all here:

Series of posts on HTTP status codes (2018-06-27)

Informational 1xx

100 Continue (2018-06-27)
101 Switching Protocols (2018-06-28)
102 Processing (2018-06-29)
103 Early Hints (2018-06-30)

Successful 2xx

200 OK (2018-07-03)
201 Created (2018-07-10)
202 Accepted (2018-07-17)
203 Non-Authoritative Information (2018-07-24)
204 No Content (2018-07-31)
205 Reset Content (2018-08-07)
206 Partial Content (2018-08-14)
207 Multi-Status (2018-08-21)
208 Already Reported (2018-08-28)
226 IM Used (2018-09-04)

Redirection 3xx

300 Multiple Choices (2018-09-11)
301 Moved Permanently (2018-09-18)
302 Found (2018-09-25)
303 See Other (2018-10-02)
304 Not Modified (2018-10-09)
305 Use Proxy (2018-10-16)
306 Switch Proxy (2018-10-23)
307 Temporary Redirect (2018-10-30)
308 Permanent Redirect (2018-11-06)
Which redirect do I choose? (2018-11-07)

Client Error 4xx

400 Bad Request (2018-11-13)
401 Unauthorized (2018-11-20)
402 Payment Required (2018-11-27)
403 Forbidden (2018-12-04)
404 Not Found (2018-12-11)
405 Method Not Allowed (2018-12-18)
406 Not Acceptable (2019-01-08)
407 Proxy Authentication Required (2019-01-15)
408 Request Timeout (2019-01-22)
409 Conflict (2019-01-29)
410 Gone (2019-02-05)
411 Length Required (2019-02-12)
412 Precondition Failed (2019-02-19)
413 Payload Too Large (2019-02-26)
414 URI Too Long (2019-03-05)
415 Unsupported Media Type (2019-03-12)
416 Range Not Satisfiable (2019-03-19)
417 Expectation Failed (2019-03-26)
418 I'm a teapot (2019-04-02)
420 Enhance your calm (2019-04-09)
421 Misdirected Request (2019-04-16)
422 Unprocessable Entity (2019-04-23)
423 Locked (2019-04-30)
424 Failed Dependency (2019-05-07)
425 Too Early (2019-05-14)
426 Upgrade Required (2019-05-21)
428 Precondition Required (2019-05-28)
429 Too Many Requests (2019-06-04)
430 Would Block (2019-06-11)
431 Request Header Fields Too Large (2019-06-18)
451 Unavailable For Legal Reasons (2019-06-25)

Server Error 5xx

500 Internal Server Error (2019-07-02)
501 Not Implemented (2019-07-09)
502 Bad Gateway (2019-07-16)
503 Service Unavailable (2019-07-23)
504 Gateway Timeout (2019-07-30)
505 HTTP Version Not Supported (2019-08-06)
506 Variant Also Negotiates (2019-08-13)
507 Insufficient Storage (2019-08-20)
508 Loop Detected (2019-08-30)
510 Not Extended (2019-09-05)
511 Network Authentication Required (2019-09-10)
The end of the HTTP series (2019-09-18)

Web mentions