I am specifying a ReST service. I recently stumbled on this IETF draft document which could be interpreted as suggesting that ReST services should always return 308. Note that the document seems to have expired without being superseded (I'm not very clear on the IETF process).
I had it in my mind earlier that a service should return "301 Moved Permanently" for a GET and a "308 Permanent Redirect" for a POST to ensure it is not inappropriately converted to a GET (by something trying to be clever).
Uses of both 301 and 308 seem to be expressed in terms of SHOULDs and SHOULD NOTs rather than MUSTs and MUST NOTs, so it is unclear what "the right thing" is philosphically.
Pragmatically 301 for GET and 308 for POST should work. 308 for GET is not wrong as the current revision at the time of writing includes an example of 308 being produced in response to a GET. Now there is a deployment concern that if a client doesn't understand 308 it should treat it like a 300 (rather than a 301 which makes more sense to me) but 308 is now widely understood so the question becomes if or why should you ever use HTTP 301?
If 308 is essentially a bug fix for 301, why isn't 301 officially deprecated in HTTP/1.1? Is there a legitimate use case for converting a POST into a GET for a redirect in ReST or in more generally in HTTP?
For 301 HTTP/1.1 says:
Note: For historical reasons, a user agent MAY change the request method from POST to GET for the subsequent request.
Why was that ever a good idea? Is it still valid anywhere?
See also:
- What's the difference between HTTP 301 and 308 status codes? which provides good coverage of the difference between 301 and 308 but does not cover this point.
- How should client of Restful API handle http status 301 redirect upon POST?
- What's the deal with HTTP status code 308?