Reputation: 4247
What's the difference between HTTP 301 and 308 status codes?
What's the difference between HTTP 301 and 308 status codes?
301(Moved Permanently): This and all future requests should be directed to the given URI.308(Permanent Redirect): The request and all future requests should be repeated using another URI.
They seem to be similar.
Upvotes: 288
Views: 110095
Answers (3)
Reputation: 3443
in short, the difference is when POST request (e.g carrying form data) hits a 301 moved permanently, user has to fill the form again(because browser converts the method to GET). But if the POST request hits 308 permanent redirect user is not required to fill the form again
Upvotes: 1
Reputation: 8684
Mentioning below common observed client behavior when redirecting using 3xx status codes. Its best to test these scenarios with your HTTP client as it may not follow the same path as mentioned below.
301
- HTTP Method will be changed to GET. Not just POST but also DELETE, PUT, PATCH etc. (except for HEAD).
- While redirecting, most headers will be retained but certain sensitive headers like Authorization will be removed.
- Same domain, different scheme redirects (eg: http to https redirect) will retain sensitive headers as well.
- Body may or may not be removed. Since method is changed to GET, this will not matter in most cases.
- Indicates that search engines may update their links to the resource.
302
- Same as 301 but for temporary redirection. A browser redirects to this page but search engines don't update their links to the resource.
308
- HTTP Method will not change.
- Most headers will be retained but certain sensitive headers like Authorization will be removed. (exception with same domain redirects)
- Body will be retained.
- Search engines may update their links to the resource.
307
- Same as 308 but for temporary redirection. A browser redirects to this page but search engines don't update their links to the resource.
303
- This is useful when you want to give an answer to a PUT or POST method that is not the uploaded resources, but a confirmation message (like "You successfully uploaded XYZ") using a GET redirection. The result of the original HTTP request can be found at a different URL which can be separately identified, bookmarked, and cached, independent of the original request. Also, refresh of the result page doesn't re-trigger the POST/PUT operation. Some apps use 302 Found HTTP response for this purpose.
- All HTTP Method's except HEAD will be changed to GET.
- While redirecting, most headers will be retained but certain sensitive headers like Authorization will be removed. (exception with same domain redirects)
300
- Multiple choices redirect status response code indicates that the request has more than one possible response and the client should choose one of them.
Upvotes: 3
Reputation: 130837
An overview of 301, 302 and 307
The RFC 7231, the current reference for semantics and content of the HTTP/1.1 protocol, defines the 301 (Moved Permanently) and 302 (Found) status code, that allows the request method to be changed from POST to GET. This specification also defines the 307 (Temporary Redirect) status code that doesn't allow the request method to be changed from POST to GET.
See more details below:
The
301(Moved Permanently) status code indicates that the target resource has been assigned a new permanent URI and any future references to this resource ought to use one of the enclosed URIs. [...]Note: For historical reasons, a user agent MAY change the request method from
POSTtoGETfor the subsequent request. If this behavior is undesired, the307(Temporary Redirect) status code can be used instead.
The
302(Found) status code indicates that the target resource resides temporarily under a different URI. Since the redirection might be altered on occasion, the client ought to continue to use the effective request URI for future requests. [...]Note: For historical reasons, a user agent MAY change the request method from
POSTtoGETfor the subsequent request. If this behavior is undesired, the307(Temporary Redirect) status code can be used instead.
The
307(Temporary Redirect) status code indicates that the target resource resides temporarily under a different URI and the user agent MUST NOT change the request method if it performs an automatic redirection to that URI. Since the redirection can change over time, the client ought to continue using the original effective request URI for future requests. [...]Note: This status code is similar to
302(Found), except that it does not allow changing the request method fromPOSTtoGET. This specification defines no equivalent counterpart for301(Moved Permanently) (RFC 7238, however, defines the status code308(Permanent Redirect) for this purpose).
Changing the request method from POST to GET
The "historical reasons" in which a user agent may change a request from POST to GET is explained in an Eric Lawrence's post from the IEInternals blog, dated from 19 August 2011.
The post quotes the definition of the status code 301 from the obsolete RFC 1945, published in May 1996, which defined the HTTP/1.0. The key part from that quote is:
Note: When automatically redirecting a
POSTrequest after receiving a301status code, some existing user agents will erroneously change it into aGETrequest.
Then the author continues:
[...] those “user agents” referred to in this remark included the popular browsers of the day, including Netscape Navigator and Internet Explorer. Arguably, this behavior is exactly what most websites wanted — after a successful
POST, send the user to a different URL to show them something else. However, thePOST-converted-to-GETbehavior isn’t what the authors of HTTP had intended.
The need for 308
The RFC 7238 has been created to define the 308 (Permanent Redirect) status code, that is similar to 301 (Moved Permanently) but does not allows the request method to be changed from POST to GET.
The 308 status code is now defined by the RFC 7538 (that obsoleted the RFC 7238).
The
308(Permanent Redirect) status code indicates that the target resource has been assigned a new permanent URI and any future references to this resource ought to use one of the enclosed URIs. Clients with link editing capabilities ought to automatically re-link references to the effective request URI to one or more of the new references sent by the server, where possible. [...]Note: This status code is similar to
301(Moved Permanently), except that it does not allow changing the request method fromPOSTtoGET.
So we have the following:
+-----------+-----------+
| Permanent | Temporary |
+------------------------------------------------------------+-----------+-----------+
| Allows changing the request method from POST to GET | 301 | 302 |
+------------------------------------------------------------+-----------+-----------+
| Doesn't allow changing the request method from POST to GET | 308 | 307 |
+------------------------------------------------------------+-----------+-----------+
Choosing the most suitable status code
Michael Kropat put together a set of decision charts that helps to determine the best status code for each situation. See the following for 2xx and 3xx status codes:
Upvotes: 494
Related Questions
- What's the difference between a 302 and a 307 redirect?
- HTTP redirect: 301 (permanent) vs. 302 (temporary)
- Is there still a use case for HTTP 301 rather than HTTP 308 to indicate that a resource has moved (particularly in a ReST server)?
- Difference between HTTP redirect codes
- What's the difference between 301 and 302 in HTTP for Search engine
- What differences do these HTTP 3xx status codes have?
- Why does the 304 status code count as a "redirect?"
- What's the deal with HTTP status code 308?
- 301 redirect vs 307 redirect
- When to show 404 versus 301?