Reputation: 547
I'm trying to follow a very pedantic thought to the end. Consider a classic use case:
What status code should the POST request have? It's a redirection, so it must be some 3XX code. A common choice is 302, but MDN says:
Even if the specification requires the method (and the body) not to be altered when the redirection is performed, not all user-agents conform here - you can still find this type of bugged software out there. It is therefore recommended to set the 302 code only as a response for GET or HEAD methods
Wikipedia suggests 303 or 307,
Many web browsers implemented this code [302] in a manner that violated this standard, changing the request type of the new request to GET, regardless of the type employed in the original request (e.g. POST). For this reason, HTTP/1.1 (RFC 2616) added the new status codes 303 and 307 to disambiguate between the two behaviours, with 303 mandating the change of request type to GET, and 307 preserving the request type as originally sent.
but MDN explicitly says 303 should refer to something other than the requested resource,
The HyperText Transfer Protocol (HTTP) 303 See Other redirect status response code indicates that the redirects don't link to the requested resource itself, but to another page (such as a confirmation page, a representation of a real-world object
and 307 is explicitly designed for the request method not to change. So we can't request a POST and receive a GET.
So I don't know what the "right" answer is. Is there one, or does everyone just use 302 and not think about it?
Upvotes: 0
Views: 590
Reputation: 57249
You might first consider whether "redirect" is the right idiom to use.
The normal play would be to return a 201 Created response, with the identifier for the new resource described in the Location header, and the "response content typically describes and links to the resource(s) created" (see RFC 9110).
A normal alternative would be to include the representation of the newly created resource as the response body, with a Content-Location header to identify it.
201 Created
Location: /widgets/1000
Content-Location: /widgets/1000
...
But if you need to redirect to the new resource, then you should probably be looking at 303 See Other.
Here's what RFC 9110 has to say about POST:
If one or more resources has been created on the origin server as a result of successfully processing a POST request, the origin server SHOULD send a 201 (Created) response containing a Location header field that provides an identifier for the primary resource created (Section 10.2.2) and a representation that describes the status of the request while referring to the new resource(s).
If the result of processing a POST would be equivalent to a representation of an existing resource, an origin server MAY redirect the user agent to that resource by sending a 303 (See Other) response with the existing resource's identifier in the Location field.
Upvotes: 1
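The two responses the answer describes, run end to end against a loopback server, as an added example that is not part of the original question or answer. The `/widgets` route, the `?redirect=1` switch and the widget body are constructed for illustration; `/widgets/1000` is the identifier from the answer's sketch.

```python
import http.client
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

WIDGET_PATH = "/widgets/1000"  # identifier from the answer's sketch
WIDGET = json.dumps({"id": 1000, "name": "example"}).encode()  # constructed body

class Handler(BaseHTTPRequestHandler):
    def _send(self, status, headers, body=b""):
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_POST(self):
        self.rfile.read(int(self.headers.get("Content-Length", 0)))  # drain body
        if self.path == "/widgets?redirect=1":  # hypothetical demo switch: Post/Redirect/Get
            self._send(303, {"Location": WIDGET_PATH})
        else:  # Created: name the new resource and return its representation
            self._send(201, {"Location": WIDGET_PATH, "Content-Location": WIDGET_PATH,
                             "Content-Type": "application/json"}, WIDGET)

    def do_GET(self):
        found = self.path == WIDGET_PATH
        self._send(200 if found else 404, {}, WIDGET if found else b"")

    def log_message(self, *args):  # silence per-request logging
        pass

def create_widget(redirect):
    """POST once; on 303, follow Location with a GET as a user agent would."""
    with HTTPServer(("127.0.0.1", 0), Handler) as server:
        threading.Thread(target=server.serve_forever, daemon=True).start()
        conn = http.client.HTTPConnection("127.0.0.1", server.server_port)
        conn.request("POST", "/widgets?redirect=1" if redirect else "/widgets", body=b"name=example")
        resp = conn.getresponse()
        steps, body = [("POST", resp.status, resp.getheader("Location"))], resp.read()
        if resp.status == 303:
            conn.request("GET", resp.getheader("Location"))  # method becomes GET, no body
            resp = conn.getresponse()
            steps, body = steps + [("GET", resp.status, None)], resp.read()
        conn.close()
        server.shutdown()
        return steps, json.loads(body)

if __name__ == "__main__":
    print(create_widget(False), create_widget(True))
```

With 201 the client has the representation after one round trip; with 303 it issues a second request, and reloading the resulting page repeats the GET rather than the POST.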