tags:

views:

41

answers:

1
+2  Q: 

Non-SEO anti-spoofing external link redirect: Status code?

I've read several documents on the merits of the different HTTP redirect status codes, but those've all been very SEO-centric. I've now got a problem where search-engines don't factor in, because the section of the site in question is not publicly viewable.

However, we do want our website to be as accurate / helpful with meta-data as possible, especially for accessibility reasons.

Now, our application takes external links provided by third parties and routes them across an anti-spoofing page with a disclaimer. Since this redirector page can effectively also be embedded via an Ajax call in certain constellations, we also want to strip any query parameters from the referer (for privacy purposes; the target site has no business finding out what internal page the user was on before).

To do this, the confirmation button triggers a server-side script which in turn redirects (rather than just opening the page for the user).

So much as to why our anti-spoofing disclaimer page ends up triggering a redirect.

The question is:

Does it effectively make any difference which status code I use? Do non-typical browsers (e.g. screen-readers) care? If so, what's the best practise for such redirects? The most semantically sound, if you so will? They all seem various degrees of insincere to me.

I'm thinking of a 302 - but as it makes no sense trying to bookmark the page (it's protected with a crsf token), so there's probably no harm in a 301, either, is there? So I'm wondering if there's a reason for me to prefer the one over the other.

+3  A: 

Hmm. Here's the list. 301 sounds okay (emphasis mine):

The requested resource has been assigned a new permanent URI and any future references to this resource SHOULD use one of the returned URIs. Clients with link editing capabilities ought to automatically re-link references to the Request-URI to one or more of the new references returned by the server, where possible.

302 doesn't fit n my opinion:

The requested resource resides temporarily under a different URI

However, my favourite is 303 see other:

The response to the request can be found under a different URI and SHOULD be retrieved using a GET method on that resource. This method exists primarily to allow the output of a POST-activated script to redirect the user agent to a selected resource. The new URI is not a substitute reference for the originally requested resource.

But that might be so rare (I've never seen it used in the wild) that some clients may not understand it - which would render your desire for maximum compatibility moot. 301 is probably the closest choice.

Pekka  2010-03-17 11:11:43
Now that you mention it... 'See Other' sounds awesome. I'll investigate compatability a bit, see if I can get away with that.Regarding the 301, I'm iffy about it because if you interpret it literally, you effectively invalidate the necessity of the in-between page. Granted, no browser is that stingy, so it's probably okay, but maybe you can understand my hesitance. :)
pinkgothic  2010-03-17 14:36:50
Just a quick follow-up, looks like I can use 303. So, thank you very much!
pinkgothic  2010-03-17 15:00:43
303 is widely used on the Semantic Web for content negotiation as a result of the W3C TAG httpRange-14 resolution http://lists.w3.org/Archives/Public/www-tag/2005Jun/0039.html Typically a well designed client will automatically do the GET when it receives a 303 response to get the actual resource, for example the .Net framework does this automatically
RobV  2010-03-18 13:27:26

related questions

Generic htaccess redirect www to non-www
Domain redirection to the same page and Google
Redirect Stdin and Stdout to File
Redirect all requests to ASP.NET MVC on IIS6
Firefox: visually flag redirect in address bar
.htaccess redirect performance
How to Show/Hide Panels before executing Response.Redirect
Redirect to a link using the default broswser in Windows Form based application
Cakephp redirect
What's the best way to automatically redirect someone to another webpage?
How to manage a redirect request after a JQuery Ajax call
Apache - Reverse Proxy and HTTP 302 status messsage
How do I POST from an iframe to another page outside the iframe?
Struts2 - How to do dynamic URL redirects?
How do I prevent ServerXMLHTTP from automatically following redirects (HTTP 303 See Other responses)?
How to create a GET request with parameters, using JSF and navigation-rules?
Best Way to Conditional Redirect?
Is there an easy way to request a URL in python and NOT follow redirects?
How to rewrite an URL on a JBoss server?
How to Implement a Redirect on All Requests (on certain conditions)?
Make apache automatically strip off the www.?
Redirect command to input of another in Python
Is it possible to use .htaccess to send six digit number URLs to a script but handle all other invalid URLs as 404s?
How do I get sun webserver to redirect from /
How do you redirect HTTPS to HTTP?