HTTP 1.1 supports six kinds of redirects, and each of these mean different
things and has its own applications. Depending on your use cases, a call
to HttpServletResponse.sendRedirect() from a web app may or may not work
correctly. Here is a rundown of the key differences between the various
kinds of redirects and their possible applications.
300 Multiple Choices
When you return this response header, you are also required to send markup
containing a list of alternatives that a user can choose from.
This is a rarely used response header. I have not seen many useful
applications of this header.
301 Moved Permanently
This response header indicates the client that the resource has moved
permanently and it should use the new location in future.
Reserve this response when you make site changes (like moving domains or
directories). Usually, web crawlers replace the current location with the
new location specified in the response when they spider sites. I would
expect other clients such as browsers and RSS tools to do the same.
302 Found
This response header indicates a temporary redirect. This is the most
common form of redirect, but almost always used incorrectly due to the way
this response is treated by browsers.
Let’s say a user submits a form using method POST. In response, if the
server returns a "302 Found" header, clients (i.e. browsers) are supposed to
send a POST request to the redirect location. However, browsers translate
the POST into a GET.
To make sure your apps work correctly with temporary redirect, consider
using "303 See Other" for which it is legal to use GET to fetch a resource
location indicated by a POST request.
303 See Other
Unlike other redirect response headers, this response header clearly
expects clients to use a GET to fetch the resource indicated by the redirect
location.
As discussed above, this is the kind of redirect you want to use to solve
book-markability.
305 Use Proxy
This header tells the client to repeat the request through a proxy.
Applications may not use this directly, but web/app servers can use this
to let the client request the proxy instead.
307 Temporary Redirect
This is another kind of temporary redirect, but explicitly requires that
clients use the same verb (e.g. GET or POST) to send a request to the
redirect location.
Use this when you want to let another URL to process the request. Since
this response header could cause a POST request to the redirect location,
browsers display a warning dialog before continuing with the redirect.
What About HttpServletResponse.sendRedirect?
The first thing to note is that the servlet API’s sendRedirect() is meant
for a temporary redirect, and implementations like WebLogic Server, and
Tomcat use response code "302" for redirect. As I mentioned above, this
redirect really means that the client should use the same verb for the
redirect request. That is, if you call sendRedirect() in response to a POST
request, the client is supposed to a send a POST request to the redirect
location. In most cases, that may not be your intent. So, if a client
strictly interprets HTTP 1.1, sendRedirect() will not have the desired
effect of sending an idempotent redirect location upon POST. Strictly
speaking, you must use "303 See Other" for book-markability needs.
{ 1 comment… read it below or add one }
Thanks! Really good overview.
[Reply]