Monday, 16 March 2020

Karate test follows 303 dummy URL when `Expires: 0` header is missing

I have a Karate test that sends a POST that then will send back a redirect to a dummy address. With a recent Spring upgrade, I am now seeing the redirect coming back as a 303 rather than a 302.

I do not want this 302 URL to be followed with a request. The test just verified that we got a 302 back, and continued with more validation. This is what I have been seeing up until the Spring upgrade. However, with the 303 returned, it is then followed by a GET request to the dummy URL, which then fails with an UnknownHostException. I think this is perhaps due to the presence of `Expires: 0` in the headers of the 302. The 303 does not contain this header (or `Pragma: no-cache`, but I can't see how that would affect it). Below are the response headers for each, with differences highlighted with *.

302

  5 < 302
* 5 < Cache-Control: no-cache, no-store, max-age=0, must-revalidate
  5 < Connection: keep-alive
  5 < Content-Language: en-US
  5 < Content-Length: 0
  5 < Date: Mon, 16 Mar 2020 12:04:55 GMT
* 5 < Expires: 0
  5 < Location: http://anywhere?key=value&code=iXAnzC
* 5 < Pragma: no-cache
  5 < Server: nginx/1.17.9
  5 < X-Content-Type-Options: nosniff
  5 < X-Frame-Options: DENY
  5 < X-XSS-Protection: 1; mode=block

303

5 < 303
5 < Cache-Control: no-store
5 < Connection: keep-alive
5 < Content-Language: en-US
5 < Content-Length: 0
5 < Date: Fri, 13 Mar 2020 11:06:31 GMT
5 < Location: http://anywhere?key=value&code=05O7lL
5 < Server: nginx/1.17.9
5 < X-Content-Type-Options: nosniff
5 < X-Frame-Options: DENY
5 < X-XSS-Protection: 1; mode=block

We do not explicitly set these headers, so it will be Tomcat/nginx behaviour, which means it's going to be standard on many servers. Is this generally expected behaviour with 303s, or is this related to the differences in the headers?
