I'm building a little email server based on nodeJS (homework). When a user tries to login I check that he has an account and then redirect him to /user/userName.
I set the response status to 201 Created, and then added a header Location: /user/userName
I checked in chrome's developer tools that the response was what I sent and it was, yet the location does not change. Any ideas why, or how to do it better?
Thanks
The HTTP response code for a permanent redirect is 301, not 201. Your browser will not use the location header to redirect you with a 201. Before you change to 301, though, make sure you don't want a temporary redirect, or 302, instead!
Related
Using express JS I'm trying to add some headers to the redirection I'm returning
However, everything I tried just work for the response headers and not for the request headers of the redirection. I.E., when inspecting it with the developer tools I can see the response headers but when the next call is made, I can not see the request headers
req.headers['x-custom-header'] = 'value'
res.setHeader('x-custom-header', 'value')
res.redirect('example.com')
Does anybody could explain how the response and request headers work on ExpressJS?
A redirect just does a redirect. It tells the browser to go to that new location with standard, non-custom headers. You cannot set custom headers on the next request after the redirect. The browser simply doesn't do that.
The usual way to pass some type of parameters in a redirect is to put them in a query string for the redirect URL or, in some cases, to put them in a cookie. In both cases of query string parameters and data in a cookie, those will be available to your server when the browser sends you the request for the redirected URL.
It also may be worth revisiting why you're redirecting in the first place and perhaps there's a different flow of data/urls that doesn't need to redirect in the first place. We'd have to know a lot more about what this actual operation is trying to accomplish to make suggestions there.
If your request is being processed by an Ajax call, then you can program the code receiving the results of the Ajax call to do anything you want it to do (including add custom headers), but if it's the browser processing the redirect and changing the page URL to load a new page, it won't pay any attention to custom headers on the redirect response.
Can anybody explain how the response and request headers work on ExpressJS?
Express is doing exactly what you told it to do. It's attaching the custom headers to the response that goes back to the browser. It's the browser that does not attach those same headers to the next request to the redirected URL. So, this isn't an Express thing, it's a browser thing.
In addition to noindex and other headers, I want to send 403 status with every request on a dev server we use. I have put an .htaccess file in the home dir (above the web root) so that every request is tagged, and all seems to be working well, minus the 200 OK status.
Is there a way that .htaccess can set status as 403 to all requests without actually triggering the forbidden page mechanisms? This would work similar to how php can do it with header('HTTP/1.1 403 Forbidden');. I don't wanna have to worry about putting header() style fixes all over the stuff below in the folders....would be far easier and more consistant via .htaccess (with ability to tag assets to boot).
Does the browser make a new request to the location given in the header?
I ask because I was playing around with Fiddler and noticed when I make a request to a page that returns a 302 HTTP code, there are two entries in the network log. The first is to the initial URL, and the second is to the new location given in the response header of the first request.
I'm just curious if web browsers work the same way, but just hide the first response from the user.
Yes, the browser works in very much similar fashion. You can try requesting a url in Chrome, possibly the one you tried in Fiddler. The Network Log of chrome would show you two requests.
The RFC description of HTTP status code can be read over here,
Quoting from there only, regarding the 302 status code:
RFC 1945 and RFC 2068 specify that the client is not allowed
to change the method on the redirected request. However, most
existing user agent implementations treat 302 as if it were a 303
response, performing a GET on the Location field-value regardless
of the original request method. The status codes 303 and 307 have
been added for servers that wish to make unambiguously clear which
kind of reaction is expected of the client.
When a server responds with a 302 status code, it send back the newer url (to which the current requested old url is to be redirected) to the requesting user-agent (likely a browser). Now, as per the RFC document, the user agent must not request the newer url for 302 status code. Yet most of them do make a second request.
Hope-this-helps.
What is the use of res.location() method? I can use res.redirect() to redirect to a particular URL and i cannot see any change if i use res.location() before res.redirect()
They are very similar in their description, but one does much more. The easiest way to see the difference is look at the source.
res.location just sets the response header. It does not set a response status code or close the response, so you can write a response body if you want, and you have to call res.end() on your own after.
res.redirect on the other hand sets the status to 302, sets the header (using res.location) and sends a nice response body saying that the user is being redirected, and renders a link if their browser doesn't automatically redirect them for some reason.
Kinda off topic but worth a mention if you're going to add res.redirect its a good thing to keep in mind the type of redirects. 301 vs 302 as loganfsmyth said, res.redirect sets the status to 302 by default but this is bad SEO. To change the status code for res.redirect add 301 then the route to redirect to.
Ex-> res.redirect(301, 'new-page');
The standard res.redirect('/some/path'); behaves as expected and immediately redirects the request to /some/path, but if I add a status code, e.g., res.redirect(401, '/some/path') and I navigate to the redirecting page, express doesn't redirect to /some/path, instead I just get the following page:
<p>Unauthorized. Redirecting to /</p>
and it never redirects. This is the same for any status code I supply just by the way.
Why doesn't a code specified redirect work as I'm expecting it to and how can I return a custom status code and redirect to a different path?
The behavior of the Location header, which is used to to redirect someone, is only defined for status codes in the 3xx range, and for 201/202 statuses. Since you are setting the status code to 401, it is ignoring the header and just rendering the response content. It just happens that Express includes some nice text explaining that the user is being redirected in case the redirect is slow.
Also, given the definition of the 401 status code, you are likely misusing it. The 401 code is to let the client know that it needs to send additional authentication information with a give request, e.g. http://en.wikipedia.org/wiki/Basic_access_authentication, so you should not be redirecting to another URL.