0

In my RESTful API I return a redirect (303) in some special cases (e.g. an internal subscription is expired; I know this doesn't sound REST). In order to test my API I wrote a simple webpage using jQuery. However, in case I get a 303 it seems like the browser (XHR?) takes care of the redirect itself and GETs the new resource. As this is hidden from the Ajax call it gets just a 200 at the end. Of course this is misleading as the original call didn't succeed! Obviously this is not what I had in mind: I wanted my client-script to know it has to do something different (-> GET another resource).

Now I'm asking myself whether it's a good idea to even return a 303? Instead I could return a simple 4xx and leave the client on its own.... (probably starting from scratch)

$.ajax({
url: self.links()[0].href,
type: "POST",
statusCode: {
    200: function () {
        //I always ended up here
    },
    303: function () {
    }
},
complete: function (e, xhr, settings) {
    if (e.status === 200) {
        //..and then here
    } else if (e.status === 303) {
    } else {                           
    }
}
Dunken
  • 8,481
  • 7
  • 54
  • 87

2 Answers2

1

jQuery $.ajax always follows redirects. I'm afraid it can't be disabled.

Returning redirect as response to XHR request

How to prevent jQuery ajax from following a redirect after a post?

Community
  • 1
  • 1
MaX
  • 1,765
  • 13
  • 17
  • OK, but how is the client supposed to know its call failed? As it got a 200 it might think everything went just fine... – Dunken Jun 06 '13 at 11:59
  • 2
    Because it redirect to a service that responds with 200, technically the call went just fine. If you want the client to fail you should return a non-3xx code. If you just want your ajax call to fail you could try the solution proposed in the second link where you determine whether it's an ajax call, and if it is then return e.g. a 404. Or, breaking RESTfullnes, not return the redirect URL. – MaX Jun 06 '13 at 12:03
0

The answer is a bit late :), but I had to research it myself.

API should return 401 Not Authorized, but web page should return 302/303 Redirect  From https://aspnet.uservoice.com/forums/147201-asp-net-web-api/suggestions/2856315-add-option-to-return-401-not-authorized-instead-of And   ASP.NET Web API : Correct way to return a 401/unauthorised response

  The HTTP response status code 302 Found is a common way of performing URL redirection. An HTTP response with this status code will additionally provide a URL in the location header field. The user agent (e.g. a web browser) is invited by a response with this code to make a second, otherwise identical, request to the new URL specified in the location field. From https://restfulapi.net/http-status-codes/.

In other  words, if javascript make ajax call and receives 302, it will do another ajax call to a new location, but will not redirect the whole page to a new URL    ASP.NET Web API : Correct way to return a 401/unauthorised response

Another related discussion is in ASP.Net 5 (vNext) Web API unauthorized requests returns 302 redirect response instead of 401

Michael Freidgeim
  • 26,542
  • 16
  • 152
  • 170