CODEWITHSUNDEEP
jqueryajaxhttp-status-code-301http-status-codeshttp-status-code-302
andrewbadera
andrewbadera

Reputation: 1362

How will a browser interpret a response with an HTTP status code of 302 but a status message of Moved Permanently?

It appears as though RSA Cleartrust forces a "302 Moved Permanently" response to unauthenticated, or session-expired, clients. Should one expect Chrome or IE10+ see this as a 301 Moved Permanently, or a 302 Moved Temporarily? I would have thought the latter, but my jQuery 302 handling is being ignored and 301 behaviors are observed instead.

Sample Fiddler inspection of response in client environment:

HTTP/1.1 302 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Location: https://client.com/pub/logon.asp
Set-Cookie: ACTEWDSESSION=%20; domain=.client.com; path=/; HttpOnly
Set-Cookie: CTEWDSESSION=AAAAAgABAEBTlSKXkrdcxFyQIFJ7G2bEaIynGWXBmQGql%2BFy9plQ%2F3ofUQI2h3RNZWHdaFA%2BIi2zYuKAsxekzATPRv%2BgjtBl; domain=.client.com; path=/; HttpOnly
Set-Cookie: ACTEWDSESSION=aHR0cDovL2N2bS5pbnNpZGUudXBzLmNvbTo4MC9NVkMvYXBpL3NoaXBtZW50cy9leHBhbmRlZC83MDY4Nw%3D%3D; domain=.client.com; path=/; HttpOnly
SAMEORIGIN: DENY
X-Powered-By: ASP.NET
Access-Control-Allow-Methods: POST, GET, HEAD, PUT, DELETE, OPTIONS
Access-Control-Allow-Headers: Authorization, Origin, Content-Type, Accept
Date: Mon, 07 Jul 2014 16:03:03 GMT

AJAX wireup:

$.ajax({
                        url: url.replace(/{id}/g, id).replace(/{custId}/g, custId),
                        type: 'GET',
                        statusCode: {
                            301: ajax301_302Handling,
                            302: ajax301_302Handling,
                        }
                    }).done(function (data) {
                        debugger;
                        if (typeof renderDetails == 'function') {
                            oTable.fnOpen(nTr, renderDetails(data, id), 'details');
                        }
                        if (typeof renderDetailsComplete == 'function') {
                            renderDetailsComplete(id, custId, data);
                        }
                    });

Upvotes: 0

Views: 760

Answers (1)

Daniel A. White
Daniel A. White

Reputation: 190897

Browser and other clients should only really care about the status code number itself, not the string.

If there is a Location header, XMLHttpRequest will follow that.

Upvotes: 2

Related Questions