161

What's the difference between HTTP 301 and 308 status codes?

  • 301 (Moved Permanently): This and all future requests should be directed to the given URI.

  • 308 (Permanent Redirect): The request and all future requests should be repeated using another URI.

They seem to be similar.

cassiomolin
  • 101,346
  • 24
  • 214
  • 283
Alexander Drobyshevsky
  • 2,739
  • 2
  • 16
  • 14

1 Answers1

309

An overview of 301, 302 and 307

The RFC 7231, the current reference for semantics and content of the HTTP/1.1 protocol, defines the 301 (Moved Permanently) and 302 (Found) status code, that allows the request method to be changed from POST to GET. This specification also defines the 307 (Temporary Redirect) status code that doesn't allow the request method to be changed from POST to GET.

See more details below:

6.4.2. 301 Moved Permanently

The 301 (Moved Permanently) status code indicates that the target resource has been assigned a new permanent URI and any future references to this resource ought to use one of the enclosed URIs. [...]

Note: For historical reasons, a user agent MAY change the request method from POST to GET for the subsequent request. If this behavior is undesired, the 307 (Temporary Redirect) status code can be used instead.

6.4.3. 302 Found

The 302 (Found) status code indicates that the target resource resides temporarily under a different URI. Since the redirection might be altered on occasion, the client ought to continue to use the effective request URI for future requests. [...]

Note: For historical reasons, a user agent MAY change the request method from POST to GET for the subsequent request. If this behavior is undesired, the 307 (Temporary Redirect) status code can be used instead.

6.4.7. 307 Temporary Redirect

The 307 (Temporary Redirect) status code indicates that the target resource resides temporarily under a different URI and the user agent MUST NOT change the request method if it performs an automatic redirection to that URI. Since the redirection can change over time, the client ought to continue using the original effective request URI for future requests. [...]

Note: This status code is similar to 302 (Found), except that it does not allow changing the request method from POST to GET. This specification defines no equivalent counterpart for 301 (Moved Permanently) (RFC 7238, however, defines the status code 308 (Permanent Redirect) for this purpose).

The need for 308

The RFC 7238 has been created to define the 308 (Permanent Redirect) status code, that is similar to 301 (Moved Permanently) but does not allows the request method to be changed from POST to GET.

The 308 status code is now defined by the RFC 7538 (that obsoleted the RFC 7238).

3. 308 Permanent Redirect

The 308 (Permanent Redirect) status code indicates that the target resource has been assigned a new permanent URI and any future references to this resource ought to use one of the enclosed URIs. Clients with link editing capabilities ought to automatically re-link references to the effective request URI to one or more of the new references sent by the server, where possible. [...]

Note: This status code is similar to 301 (Moved Permanently), except that it does not allow changing the request method from POST to GET.

Se we have the following:

                                                             +-----------+-----------+
                                                             | Permanent | Temporary |
+------------------------------------------------------------+-----------+-----------+
| Allows changing the request method from POST to GET        | 301       | 302       |
+------------------------------------------------------------+-----------+-----------+
| Doesn't allow changing the request method from POST to GET | 308       | 307       |
+------------------------------------------------------------+-----------+-----------+

Choosing the most suitable status code

Michael Kropat put together a set of decision charts that helps to determine the best status code for each situation. See the following for 2xx and 3xx status codes:

Picking a 2xx or 3xx status code

cassiomolin
  • 101,346
  • 24
  • 214
  • 283
  • 4
    Given that the question was specifically about the destinction between 301 and 308, could you give some more explanation on: _"does not allows the request method to be changed from `POST` to `GET`"_? Would it mean dat a posted form cannot be processed, but a fresh new form could be serverd and then be posted on a next request? – R. Schreurs Aug 23 '18 at 07:29
  • 1
    This draft specification (https://tools.ietf.org/id/draft-hunt-http-rest-redirect-00.html) suggests that ReSTful services should use 308 even for GETs. "HTTP redirection codes 301-306 SHOULD NOT be used unless the service provider is aware the client is in fact a user-agent." However this is only a draft. I'm not sure if/when it will be accepted. – Bruce Adams Nov 22 '18 at 15:45
  • 1
    This post, [the-definitive-guide-to-get-vs-post](https://blog.teamtreehouse.com/the-definitive-guide-to-get-vs-post), clarifies why allowing a `POST` (safe) request to be *changed* into a to `GET` (unsafe in that data is passed by adding it to the url - and urls can be saved - including passwords) request can be a security issue, and generally should be avoided, unless you *know* it to be safe to change. These days it seems that it's generally supported and preferred to use 307, 308 over 301, 302. But you should verify. – SherylHohman Jun 18 '20 at 19:52
  • 1
    Mnemonic `308` is like a sideways infinity, so Permanent redirect, and also never change the request Method - it is also a permanent, fixed request type. Then ,`307` is `1` step below - permanent/keep request Method (Get/Post), but redirect to a temp location: 7 - looks like "left turn" or temp detour, and 7 is also similar looking to k, so "keep" the request method. – SherylHohman Jun 18 '20 at 20:01
  • You forgot to mention [Resume Incomplete](https://web.archive.org/web/20151013212135/http://code.google.com/p/gears/wiki/ResumableHttpRequestsProposal#Status_Code:_308_Resume_Incomplete). – Knu Jul 13 '20 at 13:23
  • @Knu That's not a [standard status code for HTTP](https://www.iana.org/assignments/http-status-codes/http-status-codes.xhtml), at least not with that meaning: `308` has been standardised as _Permanent Redirect_. – cassiomolin Jul 13 '20 at 14:31