user3367166

Reputation: 95

Passport.js redirects to "302 Found" after authentication

Passport.js lets you provide success and failure redirect URLs upon authentication:

app.post('/login',
  passport.authenticate('local', { successRedirect: '/success.html',
                                   failureRedirect: '/failed.html'
                                 })
);

As far as I can tell, the redirects are always "302 Found"; however, shouldn't they be "303 See Other", since as per RFC 2616/10.3.3:

If the 302 status code is received in response to a request other
than GET or HEAD, the user agent MUST NOT automatically redirect the
request unless it can be confirmed by the user[...]

Note: I see Stack Overflow also replies to login with 302, so it may be a widespread and tolerated violation.

Thanks in advance for any comment or suggestion.

Upvotes: 6

Views: 4099

Answers (1)

JuJoDi

Reputation: 14975

I think 10.3.4 303 See Other answers this question as:

Note: Many pre-HTTP/1.1 user agents do not understand the 303 status. When interoperability with such clients is a concern, the 302 status code may be used instead, since most user agents react to a 302 response as described here for 303.

Also, when logging in a user, there may be an implied confirmation of redirection by the user (who chose to log in).

Upvotes: 2
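
One way to answer the POST login with 303 while keeping 302 for the pre-HTTP/1.1 clients the quoted note mentions. This is an added example, not part of the question or answer and not Passport's own code; `redirectStatusFor` and `loginHandler` are hypothetical names, and the handler assumes Passport's custom-callback form together with Express's `res.redirect(status, url)`.

```javascript
// Added example, not Passport's own code. `redirectStatusFor` and
// `loginHandler` are hypothetical names.

// Pick the status code for the redirect that answers a login request.
function redirectStatusFor(req) {
  const method = String(req.method || 'GET').toUpperCase();
  // After GET or HEAD, a 302 is unambiguous.
  if (method === 'GET' || method === 'HEAD') return 302;
  // RFC 2616 10.3.4 note: pre-HTTP/1.1 agents may not understand 303.
  const pre11 = req.httpVersionMajor < 1 ||
    (req.httpVersionMajor === 1 && req.httpVersionMinor < 1);
  // 303 tells the agent to fetch the target with GET.
  return pre11 ? 302 : 303;
}

// Express-style handler using Passport's custom-callback form, so the
// redirect status is chosen here instead of by the redirect options.
function loginHandler(passport, opts) {
  return function (req, res, next) {
    passport.authenticate('local', function (err, user) {
      if (err) return next(err);
      const status = redirectStatusFor(req);
      if (!user) return res.redirect(status, opts.failureRedirect);
      // With a custom callback the application establishes the session.
      req.logIn(user, function (loginErr) {
        if (loginErr) return next(loginErr);
        res.redirect(status, opts.successRedirect);
      });
    })(req, res, next);
  };
}

// Usage, assuming Express and Passport are configured elsewhere:
// app.post('/login', loginHandler(passport, {
//   successRedirect: '/success.html', failureRedirect: '/failed.html' }));
```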
