|Response status codes|
|Security access control methods|
The HTTP response status code 302 Found is a common way of performing URL redirection. The HTTP/1.0 specification (RFC 1945) initially defined this code, and gave it the description phrase "Moved Temporarily" rather than "Found".
An HTTP response with this status code will additionally provide a URL in the header field Location. This is an invitation to the user agent (e.g. a web browser) to make a second, otherwise identical, request to the new URL specified in the location field. The end result is a redirection to the new URL.
Many web browsers implemented this code in a manner that violated this standard, changing the request type of the new request to GET, regardless of the type employed in the original request (e.g. POST). For this reason, HTTP/1.1 (RFC 2616) added the new status codes 303 and 307 to disambiguate between the two behaviours, with 303 mandating the change of request type to GET, and 307 preserving the request type as originally sent. Despite the greater clarity provided by this disambiguation, the 302 code is still employed in web frameworks to preserve compatibility with browsers that do not implement the HTTP/1.1 specification.
As a consequence, RFC 7231 (the update of RFC 2616) changes the definition to allow user agents to rewrite POST to GET.
GET /index.html HTTP/1.1 Host: www.example.com
HTTP/1.1 302 Found Location: http://www.iana.org/domains/example/
- Lawrence, Eric. "HTTP Methods and Redirect Status Codes". EricLaw's IEInternals blog. Retrieved 2011-08-20.
- "Request and response objects | Django documentation | Django". Docs.djangoproject.com. Retrieved 2014-06-23.
- "Hypertext Transfer Protocol (HTTP/1.1): Semantics and Content". Tools.ietf.org. Retrieved 2019-01-05.
- RFC 7230, RFC 7231, RFC 7232, RFC 7233, RFC 7234, RFC 7235 (HTTP 1.1)
- RFC 2616 (HTTP 1.1) (obsolete)
- RFC 1945 (HTTP 1.0)