I want to redirect the url using the POST method.
The code is usually using this.Redirect("/", 302).
This time, I want something like post url which should redirect to that page.
Is this possible with Beego?
Thanks.
Beego's Redirect takes a http code, you're just using the wrong one. You want 307 to force the request method to be the same as the original one.
this.Redirect("/", 307)
Most clients and browsers issue a GET on the 302 target, which was actually contrary to the RFC.
Due to this, 303 and 307 were introduced:
303: clients must use a GET request
307: clients must use the original method (eg: POST if a POST was originally used)
Related
From the client side, I am making an Ajax request of type "delete" using jquery.On the server side, I am doing res.redirect(URL).But instead of redirecting, browser is again making a delete request with URL returned from server side for redirecting.
However, it is not happening for a post request.Everything is OK with post request.
Short version
Ajax is trying to follow the request to it's bitter end to get a successful response (2xx). If you want to delete a resource and send the user to a new web page, you will need to handle that after receiving a success response from your Ajax call.
Full explanation
While redirects are sometimes used after processing a request (such as a successful / failed login) it's not really what they're intended for. Generally you would only redirect the user to get them to the resource their looking for. For example, you might move an endpoint such as POST /blog-post to the new location of POST /blog-article. What you're saying to the requester here is that something used to be where it is, but now they need to make a request elsewhere to find what they're after. This is incredibly important when trying to prevent link rot.
The idea of accepting and processing a request, and then moving the user off to another page is more of a coincidence really. It just happens to work due to how a browser handles URL requests.
I expect your POST request is actually using a form, in this case the browser is following the redirect because it received something like a 301 and is attempting to see a request chain through. However when using Ajax a redirect is being handled by the Ajax call itself, not the entire browser. Ajax in this case is acting as if you'd expect if the endpoint had been moved. So for example, if you moved the endpoint on the server side, your application would still function as it would follow the redirect instruction.
What you really need to do is return a successful response to your Ajax call such as a 204 (No content) and then in your frontend move the user on to a new page.
This isn't as convenient I'll admit, but when you understand why the redirects actually exist it makes more sense. They're not a way of telling a user to move onto something else, they're a way of trying to prevent link rot and enable applications to continue working against an API which may have changed slightly.
I have to handle Cross site POSTS from Ajax calls in an MVC project.
I have a method in my controller that is supposed to accept a POST with the view model as the POST body. My page is making an ajax call to it from Javascript. This works fine if everything is under the same domain.
IE11 sends an OPTIONS request without a POST body the first time my Ajax call is made. MVC tries to route this, fails to find my method (probably because it takes the ViewModel parameter), and returns a 404. However after the first time the call errors out, subsequent calls include the POST body and are routed successfully.
I thought I could fix this easily by including an overload of my method in my controller that takes no parameters and returns a 200 (or 204) and no message body. However this gives me "The current request for action on controller type is ambiguous between the following action methods" and lists both overloads.
What is the best way to get this to route correctly? If I got to my controller method with a null ViewModel, I could return a 200/204 and probably be okay - but I don't get there, routing sends back a 404.
Solved this. CORS requires 2 things, you need all responses to include the Access-Control-Allow-Origin header, and you need to response to OPTIONS requests (either with a 200 or 204).
My OPTIONS requests were not routing correctly, returning a 404 with the Access-Control-Allow-Origin header, which caused the error but allowed the next request to work without an OPTIONS request.
I had to handle the OPTIONS requests in my Global.asax.cs
This is sort of a cross-domain issue, but the problem is the browser (Chrome) doesn't seem to follow the redirect. Instead, nothing is returned to the jQuery ajax call, and I get an error.
I'm trying to use jQuery.ajax, but the URL that I'm using redirects to another domain. When this happens, I get an error. Is there anything special that needs to be done so the browser will follow the redirect?
I already added access-control-allow-origin: * to the header of the second domain that is being redirected to.
An HTTP redirect page is treated as any other HTTP page in that it also needs the access control headers. If your redirect page does not have them, the browser will never get around to checking if the page being redirected to has the proper permissions.
Along with the Location header on the redirect page, also add the Access-Control-Allow-Origin header and its related constituents (i.e. Access-Control-Allow-Methods etc.)
The only way to get a cross-domain ajax call is to use jsonp.
In jQuery, set your .ajax() dataType to 'jsonp'. See here: http://api.jquery.com/jQuery.ajax/
It still may not work, if the server being redirected to is not capable of a jsonp response. The difference between a json response and a jsonp response is that a json response is a pure json string, while a jsonp response is the code that calls a function passing in a json string.
A not-too-shabby tutorial: http://remysharp.com/2007/10/08/what-is-jsonp/
A good discussion: Can anyone explain what JSONP is, in layman terms?
In my application there is a client and a WCf REST service. For invoking some wcf service the client is doing an http POST even though the service is a GET.
i do not want to do any changes in the client or the service.
So is there a way where i can convert this POST request to GET and add the data coming in as the POST to the URL and invoke the REST service.
Thanks in advance.
You can use URL Rewrite to issue 3xx Redirect which will use GET method, but you will loose all POST data.
The only safe way known to me is to rewrite POST request to some another custom page, where you:
collect all POST data/variables;
convert them into GET variables (assemble proper GET request);
issue 301 (or 302) Redirect to the proper URL (it will have all POST data sent as GET variables).
Such rewrite to custom page should be easy -- you need to check what method is used (POST or GET) and only invoke it on POST. The rest will be handled in that post-to-get script.
The reason for all of this complexity is the difference in how POST and GET requests work: with GET all data is sent as part of URL while POST uses request body to transfer variable's data.
A common scenario for a web app is to redirect after a POST that modifies the database. Like redirecting to the newly created database object after the user creates it.
It seems like most web apps use 302 redirects, but 303 seems to be the correct thing to do according to the specification if you want the url specified in the redirect to be fetched with GET. Technically, with a 302, the browser is supposed to fetch the specified url with the same method that the original url was fetched with, which would be POST. Most browsers don't do that though.
302 - https://www.rfc-editor.org/rfc/rfc9110.html#name-302-found
303 - https://www.rfc-editor.org/rfc/rfc9110.html#name-303-see-other
So should I be using 302 or 303?
The correct one is 303.
I use it and haven't found any compatibility problems with UAs newer than Netscape 4 (1998, released 17 years ago).
If you use 302, you're risking that UA will re-send POST to the new URL instead of switching to GET.
Still, if you're worried about HTTP/1.0 clients (which don't support vhosts and probably won't be able to access your page anyway) then you should include HTML with link to the new page in body of the 303 response (web servers like Apache do that already).
Depends.
303 and 307 responses were added in HTTP1.1.
So client agents that are strictly compliant to HTTP1.1 RFC should be fine with a 303 response.
But there can be agents that are not fully conformant or are HTTP1.0 compliant and will not be able to handle the 303.
So to be sure that the response of your application can be handled gracefully by the majority of client implementations I think 302 is the safest option.
Excerpt from RFC-2616:
Note: Many pre-HTTP/1.1 user agents
do not understand the 303
status. When interoperability with such clients is a concern, the
302 status code may be used instead, since most user agents react
to a 302 response as described here for 303.
In most server-side languages the default redirection mechanism uses 302:
Java response.sendRedirect(..) uses 302
ASP.NET response.Redirect(..) uses 302
PHP header("Location: ..") uses 302
RoR redirect_to uses 302
etc..
So I'd prefer this, rather than setting status and headers manually.
In theory, you (and all the world) should be using 303 as you have noted. But also, most browsers react to a 302 like they should react to a 303. So, overall, it seems that it won't matter if you send 302 or 303. In the link you provided for the 303 specification, theres an interesting note:
Note: Many pre-HTTP/1.1 user agents do not understand the 303 status. When interoperability with such clients is a concern, the 302 status code may be used instead, since most user agents react to a 302 response as described here for 303.
It's important to note the pre-HTTP/1.1 user agents, so maybe this was important a while ago, but I don't believe it is the case now.
So, all in all, it's up to you (I could bet whatever you want that browsers won't change their behavior against 302 statuses never, for fear of breaking the internet for their users).
When providing the location of a new resource created by a POST request, 201 ("Created") is an appropriate response.
HTTP/1.1: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.2.2
Atom Publishing Protocol: https://www.rfc-editor.org/rfc/rfc5023#section-5.3
This does mean that a web browser probably won't redirect to the new URL, though; the user has to follow a link to get to the new item (this link can be provided in the body of the response, as well as in the Location header).