Redirecting Post Requests

Redirecting GET requests, which contain no data other then a query string, is a simple process. However, POST requests are more difficult to redirect because a browser responding to a 302 or 301 redirection converts an initial POST request to a GET request—a process that loses the original POST request data. Use of the 307 Temporary Move status code, which instructs the browser to preserve the POST verb in the redirection request, can prevent this problem. IIS won't send a 307 Temporary Move status code to clients unless you write server-side code forcing it to do so. (Forwarding user data to a server other than the one that the user explicitly specified in the original URL isn't a wise idea. According to the HTTP specification, browsers should always confirm POST redirection when they receive a 307 Temporary Move redirection.) Internet Engineering Task Force (IETF) Request for Comments (RFC) 2616 doesn't specify what a browser should do when it receives a 307 Temporary Move status code in response to a POST request. Rather, the RFC simply states that the browser should alert the user and present an option to proceed or to cancel without reposting data to the new location. Unless you write complex server code, you can't force POST redirection and preserve posted data. Therefore, the main article concentrates on the redirection of GET requests.