http - How can I change the redirect method in Spring Security from 302 to 303?
I utilize Spring Security 3.2.1 to secure a Spring MVC application deployed on Tomcat.
When the web session expires, Spring Security automatically redirects the user to the login page. However, some of the Ajax requests utilize the PUT, POST, and DELETE methods. When one of these requests gets redirected, Firefox shows a dialogue (other browsers behave differently):
This is normal behaviour for a redirect with a 302 status code according to the HTTP/1.1 specification, which says:
If the 302 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user...
I want to get rid of the dialogue. I think the dialogue would not appear if Spring Security used a response with a 303 status code (not 302). How can I alter the status code to 303?
1) RFC 2616 is obsolete. The text in the current spec reads (http://svn.tools.ietf.org/svn/wg/httpbis/specs/rfc7231.html#rfc.section.6.4):
The 3xx (Redirection) class of status code indicates that further action needs to be taken by the user agent in order to fulfill the request. If a Location header field (Section 7.1.2) is provided, the user agent MAY automatically redirect its request to the URI referenced by the Location field value, even if the specific status code is not understood. Automatic redirection needs to be done with care for methods not known to be safe, as defined in Section 4.2.1, since the user might not wish to redirect an unsafe request.
2) Firefox is in the process of removing these prompts. See https://bugzilla.mozilla.org/show_bug.cgi?id=677754
3) Whether 303 is more appropriate than 302 depends on what the semantics of the redirect are.
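One way to send 303 for the login redirect, as an added example that is not part of the original question or answer: a custom `AuthenticationEntryPoint` that answers non-GET/HEAD requests with 303 and keeps 302 otherwise. The class name `SeeOtherLoginEntryPoint` and the login path are assumptions, and it assumes the expired-session redirect is issued by the entry point rather than by an invalid-session URL.

```java
import java.io.IOException;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.AuthenticationEntryPoint;

// Hypothetical class name; not part of Spring Security.
public class SeeOtherLoginEntryPoint implements AuthenticationEntryPoint {

    // Fixed, application-defined path. It is never derived from request data,
    // so the Location header cannot be steered to another site.
    private final String loginPath;

    public SeeOtherLoginEntryPoint(String loginPath) {
        if (loginPath == null || !loginPath.startsWith("/") || loginPath.startsWith("//")) {
            throw new IllegalArgumentException("loginPath must be a context-relative path");
        }
        this.loginPath = loginPath;
    }

    @Override
    public void commence(HttpServletRequest request, HttpServletResponse response,
            AuthenticationException authException) throws IOException, ServletException {
        String method = request.getMethod();
        boolean getOrHead = "GET".equals(method) || "HEAD".equals(method);

        // 303 tells the client to fetch the login page with GET, whatever the
        // original method was; GET and HEAD requests keep the usual 302.
        response.setStatus(getOrHead
                ? HttpServletResponse.SC_FOUND
                : HttpServletResponse.SC_SEE_OTHER);

        // The request body of the original PUT/POST/DELETE is not replayed.
        String target = request.getContextPath() + loginPath;
        response.setHeader("Location", response.encodeRedirectURL(target));
    }
}
```

Register it with `entry-point-ref` on the `<http>` element, or with `http.exceptionHandling().authenticationEntryPoint(...)` in Java configuration, passing the application's own login path.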
http firefox spring-mvc redirect spring-security