Everybody working with web technologies knows 200, 302, 404 and 500 - the most famous HTTP status codes. Many people also heard of 301, the permanent brother of 302, but there's another child in the 3xx family which is rarely known or used: The magical 303.
The HTTP protocol defines some methods which should be used by a client (which is usually instructed by the web page referring the current request) to initially tell the server about his intention.
GET is used for most requests fetching websites, images and other stuff from webservers. It has been designated for pages which could be safely loaded without triggering any actions.
POST is used for uploading files, sending forms and other stuff running any action on the server. POST-requests shouldn't be re-tried without user confirmation and shouldn't be redirected.
HEAD returns no data at all, but meta-information (header lines) for the requested URL. They may be safely issues automatically by any software without any risk.
The HTTP specification is - like all specifications - not obligatory in reality. Anybody (expecially web developers) mixes up request methods as needed (or personally preferred) like all other web stuff is abused as far as possible. There are also other HTTP methods which aren't widely used and which are not relevant for this post.
A typical weblication design uses POST requests to submit forms, store data and run actions (let's call them write operations because they're changing something) while GET requests are being used for all read operations like showing forms, lists or items. A form submitted using POST may simply return the changed item or a list of items concating the write operation with a read operation, but what happens if the user refreshs the page? Some browsers still ask, if the POST request should be repeated, but users will usually confirm this (because they don't know that the write operation triggered earlier is repeated).
There is a common workaround by answering the POST request performing the write operation using a 302 HTTP status code which redirects the browser to the GET page which may be safely reloaded. But redirecting POST requests is not allowed and the read operations are build for GET requests (even if many languages and frameworks don't care about the HTTP method used). Imagine a 5 MB file upload - the redirect would force the browser to re-send the whole 5 MB file to the redirect target URL.
This is where the 303 HTTP status code steps in. A browser receiving a 303 status as reply to a POST request should ignore all the POST body data and request the target URL using a GET method HTTP call.
The status code 303 may be used the same way like the common 302 code:
Status: 303 Done
Location: /target/path
Content-type: text/html
Noch keine Kommentare. Schreib was dazu