Better know a HTTP Response Code: The Fightin’ 307
In tonight's episode of "Better know a HTTP Response Code" we'll be checking out "307 Temporary Redirect." This ain't your mother's temporary redirect (assuming she primarily uses the more common "302 Temporary Redirect"). The good ol' w3c has this to say in their HTTP 1.1 spec thingy:
10.3.8 307 Temporary Redirect
The requested resource resides temporarily under a different URI. Since the redirection MAY be altered on occasion, the client SHOULD continue to use the Request-URI for future requests. This response is only cacheable if indicated by a Cache-Control or Expires header field.
The temporary URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s) , since many pre-HTTP/1.1 user agents do not understand the 307 status. Therefore, the note SHOULD contain the information necessary for a user to repeat the original request on the new URI.
If the 307 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.
Blahdity blah blah. So while 302's force the redirect location to be requested with a GET, 307's are able to redirect with a POST request. Buuut, there are a couple of caveats. 1) Redirection of POSTs should not be automatic, due to the security issue, and 2) in real life not everybody actually knows how to handle a 307 *Ahem*, I'm looking at you Internet Explore.
Example
Here's a quick PHP example to get us going.
<?php
if (isset($_GET['do_a_redirect'])) {
header("HTTP/1.1 307 Temporary Redirect");
header( 'Location: http://127.0.0.1:1234/pluggd/upload_redirect/form.php?upload_that_file' ) ;
} else if (isset($_GET['upload_that_file'])) {
if ($_FILES["file"]["error"] > 0)
{
echo "Error: " . $_FILES["file"]["error"] . "<br />\n";
}
else
{
echo "Upload: " . $_FILES["file"]["name"] . "<br />\n";
echo "Type: " . $_FILES["file"]["type"] . "<br />\n";
echo "Size: " . ($_FILES["file"]["size"] / 1024) . " Kb<br />\n";
echo "Stored in: " . $_FILES["file"]["tmp_name"] . "\n";
}
} else {
?>
<html>
<body>
<form action="form.php?do_a_redirect" method="post"
enctype="multipart/form-data">
<label for="file">Filename:</label>
<input type="file" name="file" id="file" />
<br />
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>
<?php } ?>
Rockin' it with CURL:
nick-stielaus-computer-3:~ nick$ curl -L -F "file=@Desktop/shortVids/sheep.flv" http://127.0.0.1:1234/pluggd/upload_redirect/form.php?do_a_redirect Upload: sheep.flv Type: application/octet-stream Size: 174.1796875 Kb Stored in: /private/var/tmp/phpRYQVYc
And FireFox's nice message:
How FireFox handles a HTTP 1.1 307 Response
Credits
A Stack Overflow discussion got me going on this.
