Is it safe to redirect to the same URL?

I have URLs of the form http://domain/image/⟨uuid⟩/42x42/some_name.png. The Web server (nginx) is configured to look for a file /some/path/image/⟨uuid⟩/thumbnail_42x42.png, and if it does not exist, it sends the URL to the backend (Django via mod_wsgi) which then generates the thumbnail. Then the backend emits a 302 redirect to exactly the same URL that was requested by the client, with the idea that upon this second request the server will notice the thumbnail file and send it directly.

The question is, will this work with all the browsers? So far testing has shown no problems, but can I be sure all the user agents will interpret this as intended?

Update: Let me clarify the intent. Currently this works as follows:

  1. The client requests a thumbnail of an image.
  2. The server sees the file does not exist, so it forwards the request to the backend.
  3. The backend creates the thumbnail and returns 302.
  4. The backend releases all the resources, letting the server share the newly generated file to current and subsequent clients.

Having the backend serve the newly created image is worse for two reasons:

  1. Two ways of serving the same data must be created;
  2. The server is much better at serving static content. What if the client has an extremely slow link? The backend is not particularly fast nor memory-efficient, and keeping it in memory while spoon-feeding the client can be wasteful.

So I keep the backend working for the minimum amount of time.

Update²: I’d really appreciate some RFC references or opinions of someone with experience with lots of browsers. All those affirmative answers are pleasant but they look somewhat groundless.

Roman Odaisky asked Sep 24 '08 10:09

1 Answer

If it doesn't, the client's broken. Most clients will follow redirect loops until a maximum value. So yes, it should be fine until your backend doesn't generate the thumbnail for any reason.

You could instead change URLs to be http://domain/djangoapp/generate_thumbnail and that'll return the thumbnail and the proper content-type and so on.

Vinko Vrsalovic answered Oct 13 '22 20:10
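
The failure mode named in the answer (a same-URL redirect loops when the backend did not produce the file) can be closed off in the backend itself. The following is an added example, not code from the question or the answer: a framework-independent Python handler that redirects only once the thumbnail is in place. The function name, the `render` callback, the size allowlist and the UUID pattern are assumptions.

```python
import os
import re
import tempfile

# Layout taken from the question: /image/<uuid>/<W>x<H>/<name>.png is stored
# as <root>/image/<uuid>/thumbnail_<W>x<H>.png. The exact UUID form is assumed.
URL_RE = re.compile(
    r"/image/([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})"
    r"/(\d{1,4})x(\d{1,4})/[\w.-]+\.png"
)
ALLOWED_SIZES = {(42, 42), (128, 128)}  # hypothetical allowlist of thumbnail sizes


def handle_missing_thumbnail(url_path, root, render):
    """Return (status, headers); render(uuid, w, h) -> bytes is a hypothetical generator."""
    m = URL_RE.fullmatch(url_path)
    if not m:
        return 404, {}  # anything that is not a well-formed thumbnail URL
    uuid, width, height = m.group(1), int(m.group(2)), int(m.group(3))
    if (width, height) not in ALLOWED_SIZES:
        return 404, {}  # do not render arbitrary client-chosen sizes
    directory = os.path.join(root, "image", uuid)
    target = os.path.join(directory, f"thumbnail_{width}x{height}.png")
    try:
        data = render(uuid, width, height)
        os.makedirs(directory, exist_ok=True)
        # Write to a temp file in the same directory, then rename: the web
        # server sees either no file or the complete one, never a partial one.
        fd, tmp = tempfile.mkstemp(dir=directory, suffix=".tmp")
        try:
            with os.fdopen(fd, "wb") as f:
                f.write(data)
            os.chmod(tmp, 0o644)  # mkstemp creates 0600; the web server must read it
            os.replace(tmp, target)
        except BaseException:
            os.unlink(tmp)
            raise
    except Exception:
        # Redirecting here would send the client straight back to the backend.
        return 500, {}
    if not os.path.isfile(target):
        return 500, {}
    return 302, {"Location": url_path}
```

A 302 leaves this handler only after the rename has succeeded, so the second request finds the file on disk; every other outcome ends with a 404 or 500 instead of another redirect.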