Differences between 302 and 303 in http protocol, and between 302 and 303
Http1.0 only has 302 yards and no 303 status codes;
Http1.1, by default, many server-side infrastructure programs, in order to be compatible with http1.0, also responded 303 to the client in case of a 302 response.
Problems encountered:
Scenario: when the entire web system uses https, redirect is used in the program. The result shows that the redirect request after redirect is changed to http, and the response code of redirect is 302. question: iframe is used in the combination of pages because the entire application is embedded. The entire website includes the https protocol used by all requests of the parent page and the iframe sub-application, however, an http request occurs after the redirect request of the iframe sub-application. There is no problem in browsers such as ie and firefox, (because they send the http requests in the iframe sub-application to the server as well, when receiving the http request, the server will force the client to use the https redirect request), at this time, there is still no impact on our system (only one redirection request is added but not visible to the user );
However, in chrome, the http request of iframe is intercepted, prompting that http access is not allowed in a secure https environment, causing the page to die before redirection, the target page cannot be correctly redirected.
The problem may seem confusing, but in browsers with strict security restrictions, the problem is also obvious. At that time, I only saw the phenomenon. I didn't understand the cause and principle at all. So we found a solution based on the symptoms. We used spring mvc and found a similar problem in stackoverflow. By setting the redirectHttp10Compatible attribute of viewResolver to false, the compatibility with the http1.0 protocol is disabled, the redirect response code of the program is changed to 303, and the subsequent redirect requests maintain the same https protocol.
Therefore, when the browser receives the two different response codes in the https-structured web system with status codes 302 and 303, http and https are used to redirect requests respectively. Search for understanding on the internet,
- 302 = <"HTTP/1.1 302 Found (or Moved Temporarily )",
- 303 = <"HTTP/1.1 303See Other ",
The difference does not exist. Therefore, I understand that the 302 response code is the standard of http1.0. At that time, the corresponding https protocol was not supported. Therefore, in order to be compatible with http1.0, In the 302 status code, when you encounter an https redirect request, it will also be forwarded using http. While 303 is the standard of http1.1, the browser will maintain the same https redirect request.
Question description in springmvc:
The project is deployed in websphere, And the whole site runs under https. When the internal jump through spring redirect, the link address starts with https and changes to the beginning of http. In this case, the project request cannot be accessed.
1 <bean id = "viewResolver" class = "org. springframework. web. servlet. view. InternalResourceViewResolver"> 2 <! -- RedirectHttp10Compatible, the compatibility with http1.0 protocol is disabled --> 4 <property name = "redirectHttp10Compatible" value = "false"/> 5 <! -- View is used for display. jsp is used here, and velocity can also be used for --> 6 <property name = "viewClass" value = "org. springframework. web. servlet. view. jstlView "/> 7 <property name =" contentType "value =" text/html; charset = UTF-8 "/> 8 <property name =" prefix "value ="/WEB-INF/view/"/> 9 <property name =" suffix "value = ". jsp "/> 10 </bean>
Address: http://ayis.iteye.com/blog/2177023