by shiflett
5443 days ago
Safer? The risk is that 303 is misinterpreted, and this risk is why we have always used 302. I'd need evidence before taking a chance based on someone's recollection of an older version of Firefox. RFC 2616 mentions early misinterpretations; they are why 303 and 307 exist:

"Note: RFC 1945 and RFC 2068 specify that the client is not allowed to change the method on the redirected request. However, most existing user agent implementations treat 302 as if it were a 303 response, performing a GET on the Location field-value regardless of the original request method. The status codes 303 and 307 have been added for servers that wish to make unambiguously clear which kind of reaction is expected of the client."

Recommending 303 sounds like a great idea, but the spec's description of 303 is what 302 is in practice, and the latest spec (2616) makes note of this reality. Also, consistent support for 303 is not a sure bet:

"Note: Many pre-HTTP/1.1 user agents do not understand the 303 status. When interoperability with such clients is a concern, the 302 status code may be used instead, since most user agents react to a 302 response as described here for 303."

Without evidence, using 303 is the riskier option.
|
The fact is there really aren't any pre-HTTP/1.1 browsers still in use. See: http://serverfault.com/questions/110932/are-there-internet-u...
Given that many web apps these days require JavaScript and CSS, and HTTP/1.1 is over 12 years old, I don't think it's realistic to worry about clients that only support HTTP/1.0.
While 302 works in practice, it's safer to use 303, which works by definition.