user3367166 user3367166 - 9 months ago 36
Node.js Question

Passport.js redirects to "302 Found" after authentication

Passport.js enables to provide success and failure redirection urls upon authentication.'/login',
passport.authenticate('local', { successRedirect: '/success.html',
failureRedirect: '/failed.html'

As far as I can tell, the redirects are always "302 Found" - however shouldn't they be "303 See Other", since as per RFC 2616/10.3.3

If the 302 status code is received in response to a request other

than GET or HEAD, the user agent MUST NOT automatically redirect the

request unless it can be confirmed by the user[...]

Note: I see stackoverflow also replies to login with 302 so it may be a widespread and tolerated violation...

Thanks in advance for any comment or suggestion.


I think see other (in the same link) answers this question as:

  When interoperability with such clients is a concern, the
  302 status code may be used instead, since most user agents react
  to a 302 response as described here for 303.

Also, when logging in a user, there may be an implied confirmation of redirection by the user (who chose to login).