user3367166 - 6 months ago
Node.js Question

Passport.js redirects to "302 Found" after authentication

Passport.js lets you provide success and failure redirection URLs upon authentication.

    // Redirect to a static page depending on the authentication result.
    app.post('/login',
      passport.authenticate('local', {
        successRedirect: '/success.html',
        failureRedirect: '/failed.html'
      })
    );


As far as I can tell, the redirects are always "302 Found". However, shouldn't they be "303 See Other", since, as per RFC 2616/10.3.3:

  If the 302 status code is received in response to a request other
  than GET or HEAD, the user agent MUST NOT automatically redirect the
  request unless it can be confirmed by the user[...]


Note: I see Stack Overflow also replies to login with 302, so it may be a widespread and tolerated violation...

Thanks in advance for any comment or suggestion.

Answer

I think "See Other" (in the same link) answers this question:

  When interoperability with such clients is a concern, the
  302 status code may be used instead, since most user agents react
  to a 302 response as described here for 303.

Also, when logging in a user, there may be an implied confirmation of redirection by the user (who chose to log in).
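For readers who want the login POST to answer with 303 instead, here is an added example (not part of the original question or answer, and not Passport's own code): an Express-style middleware that upgrades default redirects to 303 See Other when the request method is not GET or HEAD. It assumes the redirect is issued through `res.redirect(url)` with no explicit status; `seeOtherAfterPost`, `fakeResponse` and `simulateLogin` are hypothetical names, and the response object is a constructed stand-in so the block runs without Express installed.

```javascript
// Middleware: for non-GET/HEAD requests, turn res.redirect(url) (default 302)
// into res.redirect(303, url). Assumption: the downstream handler redirects
// via res.redirect(url) without passing a status code.
function seeOtherAfterPost(req, res, next) {
  const safe = req.method === 'GET' || req.method === 'HEAD';
  if (!safe) {
    const original = res.redirect.bind(res);
    res.redirect = function (...args) {
      // A call with an explicit status, res.redirect(status, url), is kept.
      if (args.length === 1 && typeof args[0] === 'string') {
        return original(303, args[0]);
      }
      return original(...args);
    };
  }
  next();
}

// Constructed stand-in for an Express response object. It mimics
// res.redirect([status,] url), which defaults to 302.
function fakeResponse() {
  return {
    statusCode: null,
    location: null,
    redirect(a, b) {
      const [status, url] = typeof a === 'number' ? [a, b] : [302, a];
      this.statusCode = status;
      this.location = url;
    },
  };
}

// Simulates a login handler that redirects on success and returns
// the status code and Location the client would receive.
function simulateLogin(method, useMiddleware) {
  const req = { method };
  const res = fakeResponse();
  const handler = () => res.redirect('/success.html');
  if (useMiddleware) seeOtherAfterPost(req, res, handler);
  else handler();
  return { status: res.statusCode, location: res.location };
}

console.log(simulateLogin('POST', false)); // default behaviour
console.log(simulateLogin('POST', true));  // with the middleware
```

In a real application the middleware would be registered with `app.use(seeOtherAfterPost)` before the `/login` route.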