Menu
As per the HTTP specification:
If a resource has been created on the origin server, the response SHOULD be 201 (Created) and contain an entity which describes the status of the request and refers to the new resource, and a Location header (see section 14.30).
Does this mean that POST request should always send redirect URI in Location header with no response body?
243
HTTP POST requestA POST request requires a body in which you define the data of the entity to be created. A successful POST request would be a 200 response code.
Short answer: in POST requests, values are sent in the "body" of the request. With web-forms they are most likely sent with a media type of application/x-www-form-urlencoded or multipart/form-data .
The method shall return a set (possibly empty) of object headers for the newly posted object. If a URL has been assigned by the server, then that may be included. Similarly, if a URN has been assigned, then that shall be returned. Other things which may be returned include for example the expiry-date if any.
It is perfectly acceptable to specify a response body and use the Location header at the same time. When using the Location header with a 201 response, you're not redirecting the client, you're just telling it where it can find the resource in future.
Redirects only apply to 3xx responses.
The W3C docs for this explain further, though the text is actually quite ambiguous:
The Location response-header field is used to redirect the recipient to a location other than the Request-URI for completion of the request or identification of a new resource. For 201 (Created) responses, the Location is that of the new resource which was created by the request. For 3xx responses, the location SHOULD indicate the server's preferred URI for automatic redirection to the resource.
I read that as saying "...redirect... or... identif[y]... new resource", but it's not exactly a plain English sentence.
125
Based on paragraph 9.5 of the HTTP 1.1 specification, which is the reference for questions like that, here is my understanding:
Yes you can, and the specification is clear about what you can do and how to do it:
The action performed by the
POSTmethod might not result in a resource that can be identified by a URI. In this case, either200(OK) or204(No Content) is the appropriate response status, depending on whether or not the response includes an entity that describes the result.If a resource has been created on the origin server, the response SHOULD be
201(Created) and contain an entity which describes the status of the request and refers to the new resource, and a Location header (see section 14.30).Responses to this method are not cacheable, unless the response includes appropriate
Cache-ControlorExpiresheader fields. However, the303(See Other) response can be used to direct the user agent to retrieve a cacheable resource.
33
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
