[Django] #29450: Redirect using HTTP status "303 See Other" for django.http.response HttpResponseRedirect
Django
HttpResponseRedirect
-------------------------------------+-------------------------------------
Reporter: Duane | Owner: nobody
Hutchins |
Type: | Status: new
Cleanup/optimization |
Component: HTTP | Version: master
handling | Keywords: http redirect 302
Severity: Normal | 303
Triage Stage: | Has patch: 0
Unreviewed |
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 1
UI/UX: 0 |
-------------------------------------+-------------------------------------
Regarding:
[https://docs.djangoproject.com/en/2.0/_modules/django/http/response/#HttpResponseRedirect
django.http.response HttpResponseRedirect]
Current redirects use http status 302, which is fine most of the time, but
it can cause issues if browser caching is permitted.
For example:
* Cache-Control allows caching globally
* User is logged in
* User logs out (GET response = 302 redirect)
* This response is cached by the browser
* User logs back in
* User attempts to log out again
* Browse serves cached response from disk and redirects without request
revalidation
* Result: User is not actually logged out
Caching breaks the response, which is why HTTP Status 303 redirects do not
allow caching. They are more appropriate than 302 redirects.
https://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.3
Note that 303 redirects are not HTTP/1.0 compatible. A quick check shows
that every modern browser now supports http/1.1 or higher. Still, 302
redirect responses can still be served for http/1.0 requests, if that's a
concern.
Two other tickets (#13277 and #6227) requested this fix 8+ years ago, and
they were closed because http/1.0 was still in common use at the time.
Now that http/1.0 is no longer in common use, can we change this redirect
to 303?
--
Ticket URL: <https://code.djangoproject.com/ticket/29450>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Django
HttpResponseRedirect
-------------------------------------+-------------------------------------
Type: | Status: closed
Cleanup/optimization |
Component: HTTP handling | Version: master
Severity: Normal | Resolution: duplicate
Keywords: http redirect 302 | Triage Stage:
303 | Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 1 | UI/UX: 0
-------------------------------------+-------------------------------------
* status: new => closed
* resolution: => duplicate
Comment:
The correct way to discuss a wontfix ticket is to start a discussion on
the DevelopersMailingList. If there's consensus there to make the change,
then we'll reopen one of the original tickets.
--
Ticket URL: <https://code.djangoproject.com/ticket/29450#comment:1>