'Difference between direct and redirected POST requests?
I'm using a POST request to call a URL (1) with some form data. It returns a response code of 302 Found with a Location in the header. Naturally, another request is made to the new URL (2) and that's when I get a 200 OK status. Below is the second request (pulled from Insomnia's timeline), the one that automatically gets called because of the 302 status code:
> POST /booking/2 HTTP/1.1
> Host: *some url*
> User-Agent: insomnia/2021.7.2
> Cookie: *some cookie*
> Content-Type: multipart/form-data; boundary=X-INSOMNIA-BOUNDARY
> Accept: */*
> Content-Length: 196
| --X-INSOMNIA-BOUNDARY
| Content-Disposition: form-data; name="data 1"
| ab
| --X-INSOMNIA-BOUNDARY
| Content-Disposition: form-data; name="data 2"
| cd
| --X-INSOMNIA-BOUNDARY--
and its response:
< HTTP/1.1 200 OK
< Date: *some date*
< Server: Apache
< Cache-Control: must-revalidate, no-cache, private
< Expires: *some date*
< Last-Modified: *some date*
< pragma: no-cache
< served-by: *some url*
< content-language: fr-FR
< Vary: Cookie,Accept-Encoding,Authorization
< Content-Type: text/html; charset=utf-8
< X-Varnish: 89184205
< Age: 0
< X-Cache: Miss from Varnish
< Accept-Ranges: bytes
< Transfer-Encoding: chunked
The issue is that when I directly call that same URL (2) using a POST request, with the same exact data, I get redirected to the website's main page. The access to that URL (2) is restricted and is only allowed when the request comes as a redirect from the first URL (1). I tried comparing the two requests, and they're exactly the same. There's no missing data, header information, or any other stuff. Here's my direct call to the same URL:
> POST /booking/2 HTTP/1.1
> Host: *some url*
> User-Agent: insomnia/2021.7.2
> Cookie: *some cookie*
> Content-Type: multipart/form-data; boundary=X-INSOMNIA-BOUNDARY
> Accept: */*
> Content-Length: 196
| --X-INSOMNIA-BOUNDARY
| Content-Disposition: form-data; name="data 1"
| ab
| --X-INSOMNIA-BOUNDARY
| Content-Disposition: form-data; name="data 2"
| cd
| --X-INSOMNIA-BOUNDARY--
and its response:
< HTTP/1.1 302 Found
< Date: *some date*
< Server: Apache
< Location: *website's main page*
< Cache-Control: max-age=1
< Expires: *some date*
< Content-Length: 236
< Content-Type: text/html; charset=iso-8859-1
< X-Varnish: 2949042
< Age: 0
< X-Cache: Miss from Varnish
< Vary: Accept-Encoding
Any idea what I'm missing here?
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|