Django: do I need to do HttpResponseRedirect to render a simple string after a POST?

tags:

django

views:

answers:

+1 Q:

Django: do I need to do HttpResponseRedirect to render a simple string after a POST?

I've got a mobile app that makes POST requests to a Django site.

I want to return a simple string (not a template-based page) after the app makes the POST request, saying 'Success' or 'Failure' (EDIT: plus a bit of extra info) as appropriate.

**EDIT: note that it's not a browser making the request, it's an app (so there's no BACK button involved) and I'd like to do some extra app-side work based on the results of the POST request - basically I want to hand back some information.*

However I know that after a POST request in Django you're supposed to do a HttpResponseRedirect. But, do I really need to redirect to another page and write a new function to handle it, all to output a string?

And if so, how do I pass the success/failure status of the app in the HttpResponseRedirect, since it's only supposed to take one argument?

Thanks!

+1 A:

do I really need to redirect to another page and write a new function to handle it, all to output a string?

Yes.

If they hit "Back" on the browser, you'll wish you had provided a redirect-after-post.

If you don't redirect and they hit "Back" on the browser, they could repost the form again. You probably don't want to deal with that, so it's easier to redirect after post.

how do I pass the success/failure status of the app in the HttpResponseRedirect

See this: http://docs.djangoproject.com/en/dev/ref/request-response/#django.http.HttpResponse.status_code

Edit

If there's no browser, then there's no back button. Since there's no back button, there's no need for a redirect.

"after a POST request in Django you're supposed to do a HttpResponseRedirect"

Doesn't make any sense. You're not "supposed" to do it. Django helps you do it.

You do not redirect after POST as part of web services.

You must redirect after POST to help people use their browser.

S.Lott 2010-03-15 18:10:01

Thanks. Slight confusion - the Django docs (on the page you posted) say HttpResponseRedirect takes "a *single* argument, the path to redirect to". Can I really add a status code to it as well?

AP257 2010-03-15 18:58:31

The Response *is* a status code of 301. It doesn't make sense to change the status code of a Redirect because it wouldn't be a redirect with a different status code. What are you trying to do? Please update your question to explain how you can "redirect" without returning a status code of 301?

S.Lott 2010-03-15 19:22:33

Argh, sorry, I just don't understand. I want to send the app back a simple string with some info included. And I want to be safe - I don't know whether not using HttpResponseRedirect is a security error, or whether it's only actually required after POST requests from browsers.

AP257 2010-03-15 19:29:21

HttpResponseRedirect is not a "security" error, it happens all the time. It's required to make your page usable. It's done with a 301 status code. You really don't have any choices in this. Please update your question to be more specific about your problem.

S.Lott 2010-03-15 19:58:13

I think you may have misread. I know that HttpResponseRedirect is not a security error: my question is whether *not using* it is a security error, in a situation where there is no browser to worry about.

AP257 2010-03-15 20:01:31

(i.e. an API call)

AP257 2010-03-15 20:02:27

@AP257: You can edit your comments to combine them, rather than tack confusing extra comments onto a comment. I can't figure out what "security error" you're talking about. Redirect-after-Post is to make a **person** using a **browser** happier and more productive. If your application can't deal with duplicate POST requests, it's a bug in your application, not a "security error".

S.Lott 2010-03-15 20:57:12

As S.Lott says, yes you really do want to redirect.

However I'm not sure what you mean about showing the 'success/failure status of the app" after the redirect. The redirect should only happen if the POST was successful; otherwise, you'd redisplay the form with any validation errors showing.

Daniel Roseman 2010-03-15 18:32:58

I haven't explained my question well. It's a mobile *app* sending the request. There's no browser involved. I need the app to grab the string, look at the response (which includes the value of different variables) and do some processing. Basically what I need is to return a 400 response *and* some extra info, probably in XML or json form.

AP257 2010-03-15 19:01:50

+2 A:

If this is a user-generated POST (standard web site), then S. Lott's advice is correct.

But if you're POSTing as an API call, then just return the string. On a mobile device, the customer pays for every HTTP request.

Frank Krueger 2010-03-15 18:37:32

Thanks. Is it safe to do a HttpResponse, setting the status_code and content appropriately, and NOT a redirect, then? (Note that there's no browser involved, so no 'back' button for the user to hit. The POST request is created within the mobile app's code.)

AP257 2010-03-15 19:22:16

Of course, any response (no matter the *request* type) can return data with a status_code.

Frank Krueger 2010-03-15 19:26:08

Well... A response with a 401 status will trigger validation on the browser. A response with a 301 is a redirect. The status code is what triggers the browser to do (or not do) certain things. You shouldn't randomly change status codes.

S.Lott 2010-03-15 19:59:15

Is there javascript? Then maybe you could make an ajax request and simply change the content after the result comes. That should also prevent problems from 'Back' and you don't need to redirect.

gruszczy 2010-03-15 19:47:53

ansaurus

tags:

views:

answers:

Django: do I need to do HttpResponseRedirect to render a simple string after a POST?

related questions