The Hypertext Transfer Protocol (HTTP) Status Code 308 (Permanent Redirect)greenbytes GmbHHafenweg 16MuensterNW48155Germanyjulian.reschke@greenbytes.dehttp://greenbytes.de/tech/webdav/HTTPredirectstatus code
This document specifies the additional HyperText Transfer Protocol (HTTP)
Status Code 308 (Permanent Redirect).
Distribution of this document is unlimited. Although this is not a work
item of the HTTPbis Working Group, comments should be sent to the
Hypertext Transfer Protocol (HTTP) mailing list at ietf-http-wg@w3.org,
which may be joined by sending a message with subject
"subscribe" to ietf-http-wg-request@w3.org.
Discussions of the HTTPbis Working Group are archived at
.
XML versions, latest edits, and the issues list for this document
are available from .
Test cases related to redirection in general and the status code 308
in particular can be found at .
HTTP defines a set of status codes for the purpose of redirecting a request
to a different URI (). The history of these status codes is summarized in
Section 7.3 of , which
also classifies the existing status codes into four categories.
The first of these categories contains the status codes 301 (Moved Permanently),
302 (Found), and 307 (Temporary Redirect), which can be classified as below:
PermanentTemporaryAllows changing the request method from POST to GET301302Does not allow changing the request method from POST to GET-307
Section 7.3.7 of
states that HTTP does not define a permanent variant of status code 307;
this specification adds
the status code 308, defining this missing variant ().
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in .
The target resource has been assigned a new permanent URI and any future
references to this resource SHOULD use one of the returned URIs. Clients
with link editing capabilities ought to automatically re-link references to
the effective request URI (Section 5.5 of )
to one or more of the new references returned by the server, where possible.
Caches MAY use a heuristic (see , Section 2.3.1.1)
to determine freshness for 308 responses.
The new permanent URI SHOULD be given by the Location field in the response
(, Section 10.5).
A response payload can contain a short hypertext note with a hyperlink
to the new URI(s).
Note: This status code is similar to 301 Moved Permanently (Section 7.3.2 of ),
except that it does not allow rewriting the request method from POST to GET.
Section 4 of
requires recipients to treat unknown 3xx status codes the same way as
status code 300 Multiple Choices (, Section 7.3.1).
Thus, servers will not be able to rely on automatic redirection happening
similar to status codes 301, 302, or 307.
Therefore, initial use of status code 308 will be restricted to cases where
the server has sufficient confidence in the clients understanding the new
code, or when a fallback to the semantics of status code 300 is not problematic.
Server implementers are advised not to vary the status code based on
characteristics of the request, such as the User-Agent header field
("User-Agent Sniffing") — doing so usually results in both hard to maintain and
hard to debug code and would also require special attention to caching
(i.e., setting a "Vary" response header field, as defined in Section 3.5 of ).
Note that many existing HTML-based user agents will emulate a refresh when encountering
an HTML <meta> refresh directive (). This can be used as another
fallback. For example:
All security considerations that apply to HTTP redirects apply to the
308 status code as well (see Section 12 of ).
The registration below shall be added to the HTTP Status Code Registry
(defined in Section 4.2 of
and located at ):
ValueDescriptionReference308Permanent Redirect of this specification
The definition for the new status code 308 re-uses text from
the HTTP/1.1 definitions of status codes 301 and 307.
Furthermore, thanks to Ben Campbell, Cyrus Daboo, Eran Hammer-Lahav, Bjoern Hoehrmann,
Subramanian Moonesamy, Peter Saint-Andre,
and Robert Sparks for feedback on this document.
Key words for use in RFCs to Indicate Requirement LevelsHarvard Universitysob@harvard.eduUniform Resource Identifier (URI): Generic SyntaxWorld Wide Web Consortiumtimbl@w3.orghttp://www.w3.org/People/Berners-Lee/Day Softwarefielding@gbiv.comhttp://roy.gbiv.com/Adobe Systems IncorporatedLMM@acm.orghttp://larry.masinter.net/HTTP/1.1, part 1: URIs, Connections, and Message ParsingAdobe Systems Incorporatedfielding@gbiv.comWorld Wide Web Consortiumylafon@w3.orggreenbytes GmbHjulian.reschke@greenbytes.deHTTP/1.1, part 2: Message SemanticsAdobe Systems Incorporatedfielding@gbiv.comWorld Wide Web Consortiumylafon@w3.orggreenbytes GmbHjulian.reschke@greenbytes.deHTTP/1.1, part 6: CachingAdobe Systems Incorporatedfielding@gbiv.comWorld Wide Web Consortiumylafon@w3.orgRackspacemnot@mnot.netgreenbytes GmbHjulian.reschke@greenbytes.deHTML 4.01 Specification
Latest version available at
.
Chrome: Feature requested in Chromium Issue 109012 ().
Curl (the library): no change was needed (test case: ).
Firefox:
now in "nightly" builds, scheduled for release in Firefox 14 (see ).
Safari: automatically redirects 3xx status codes when a Location header field is present,
but does not preserve the request method.
Updated HTTPbis reference. Added .
Added and resolved issue "refresh".
Added URI spec reference.
Tune HTML example. Expand "Implementations" section.
Added and resolved issue "respformat"
(align with new proposed text for 307 in HTTPbis P2).
Added and resolved issue "uaconfirm".
Added and resolved issue "missingconsiderations".
Added request message to example. Updated the Safari implementation note.
Add informative HTML reference.
Update HTTPbis references.
Added and resolved issues "consistency307" and
"sniffing". Updated Firefox implementation status.
Issues that were either rejected or resolved in this version of this
document.
In Section 3:
Type: editben@nostrum.com (2012-03-16):
The 307 definition includes an explicit post about that behavior not being allowed. Section 3 of this doc does neither.
Resolution:
Import (part of the) note from status code 307 description.
In Section 4:
Type: editrjsparks@nostrum.com (2012-03-15):
Would it be worth adding something to the draft explicitily discouraging UA sniffing? A reference to something
that already explores why that's not a good idea perhaps?
Resolution:
Add advice not to attempt UA sniffing.
Type: editjulian.reschke@greenbytes.de (2011-04-15):
Umbrella issue for editorial fixes/enhancements.