views:

41

answers:

1

I've read several documents on the merits of the different HTTP redirect status codes, but those've all been very SEO-centric. I've now got a problem where search-engines don't factor in, because the section of the site in question is not publicly viewable.

However, we do want our website to be as accurate / helpful with meta-data as possible, especially for accessibility reasons.

Now, our application takes external links provided by third parties and routes them across an anti-spoofing page with a disclaimer. Since this redirector page can effectively also be embedded via an Ajax call in certain constellations, we also want to strip any query parameters from the referer (for privacy purposes; the target site has no business finding out what internal page the user was on before).

To do this, the confirmation button triggers a server-side script which in turn redirects (rather than just opening the page for the user).

So much as to why our anti-spoofing disclaimer page ends up triggering a redirect.

The question is:

Does it effectively make any difference which status code I use? Do non-typical browsers (e.g. screen-readers) care? If so, what's the best practise for such redirects? The most semantically sound, if you so will? They all seem various degrees of insincere to me.

I'm thinking of a 302 - but as it makes no sense trying to bookmark the page (it's protected with a crsf token), so there's probably no harm in a 301, either, is there? So I'm wondering if there's a reason for me to prefer the one over the other.

+3  A: 

Hmm. Here's the list. 301 sounds okay (emphasis mine):

The requested resource has been assigned a new permanent URI and any future references to this resource SHOULD use one of the returned URIs. Clients with link editing capabilities ought to automatically re-link references to the Request-URI to one or more of the new references returned by the server, where possible.

302 doesn't fit n my opinion:

The requested resource resides temporarily under a different URI

However, my favourite is 303 see other:

The response to the request can be found under a different URI and SHOULD be retrieved using a GET method on that resource. This method exists primarily to allow the output of a POST-activated script to redirect the user agent to a selected resource. The new URI is not a substitute reference for the originally requested resource.

But that might be so rare (I've never seen it used in the wild) that some clients may not understand it - which would render your desire for maximum compatibility moot. 301 is probably the closest choice.

Pekka
Now that you mention it... 'See Other' sounds awesome. I'll investigate compatability a bit, see if I can get away with that.Regarding the 301, I'm iffy about it because if you interpret it literally, you effectively invalidate the necessity of the in-between page. Granted, no browser is that stingy, so it's probably okay, but maybe you can understand my hesitance. :)
pinkgothic
Just a quick follow-up, looks like I can use 303. So, thank you very much!
pinkgothic
303 is widely used on the Semantic Web for content negotiation as a result of the W3C TAG httpRange-14 resolution http://lists.w3.org/Archives/Public/www-tag/2005Jun/0039.html Typically a well designed client will automatically do the GET when it receives a 303 response to get the actual resource, for example the .Net framework does this automatically
RobV