Comments (6)
Shouldn't this only be happening with a 3xx status code?
https://github.com/feross/simple-get/blob/master/index.js#L48
While POSTs aren't idempotent, it should be safe to send another request when the server specifically says so. It's definitely reasonable/common to send back a Location
header with the URL for the new resource in response to a POST. GitHub does it, for example.
from simple-get.
The problem is for 3xx status codes. According to MDN, https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/303:
This response code is usually sent back as a result of PUT or POST. The method used to display this redirected page is always GET.
from simple-get.
Seems like that's 303-specific. 301 and 302 are not recommending for GET/HEAD only, which I'd agree with. I can't say I've ever seen an API that sends back 3xx codes for writes. Do you have an example of where this is happening?
from simple-get.
The issue is an example of how unexpected it is to see a POST request repeated. I think following redirects should be a GET-only behavior.
POST requests are non-repeateable actions, as such they should not be repeated and the control should return to the user.
from simple-get.
In a semantically correct API, yes, POSTs are not idempotent. But it's also pretty non-standard to send back a 301 for a POST. Someone could be relying on redirect triggering a second request.
Passing back control is a probably a good option for everyone since someone depending on a redirect can do so themselves.
I'm interested in how other user agents (browsers, other node http clients) handle this. I suspect browsers might have some form of cross origin restriction for following non GET/HEAD redirects if they follow them at all.
It is simple-get so I can get behind not redirecting writes for simplicity.
from simple-get.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections is a good resource that lists the behavior of all status code.
I think the simpler implementation is to not follow redirects for anything but HEAD or GET requests, as they are the only one guaranteed idempotent. We could enable some HTTP code to redirect on POST etc, as some are definitely safe.
from simple-get.
Related Issues (20)
- How to figure out redirected URL?
- timeout with HTTPS HOT 4
- Disable redirects
- Redirect bug
- Remove require('url') in favor of URL HOT 2
- basic auth support HOT 3
- Using simple-get in IONIC HOT 1
- Option to skip body decompression HOT 1
- JSON.parse error for 204 status code (no content)
- From http client to undici? HOT 1
- HTTP 500 response not returned with Node.js 14 and concat HOT 1
- Switch from querystring to URLSearchParams
- Switch to esm?
- SyntaxError: API error: Unexpected token < in JSON at position 0 HOT 1
- TypeScript types HOT 1
- Backport the recent security fix to 3.x HOT 8
- Node.js v19 Breaking Change HOT 1
- Abort DNS lookup on request abort
- Happy Eyeballs breaks simple-get if ipv6 times out HOT 3
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from simple-get.