4

I have an HTML form performing a DELETE request (method = POST & hidden X-HTTP-Method-Override = DELETE)

When the DELETE request is successful, how do I tell the browser to redirect to another page? Is 303 + header location okay?

Currently, the browser doesn't display the empty response but keep the previous response (I guess because of the 204 status code). If I add a location header (still 204 status code) it does not change the location.

With 303+location I have the desired behavior but I wonder if 303 is a valid status code after a successful DELETE. What about 202 (Accepted) DELETE ?

Brian Tompsett - 汤莱恩
  • 5,753
  • 72
  • 57
  • 129
Mathieu
  • 5,495
  • 2
  • 31
  • 48
  • That's a POST request, not a DELETE request. – Julian Reschke Jul 24 '15 at 05:25
  • @JulianReschke the API actually DELETE request but it's not possible in all major browser to do a DELETE request without javascript (it's only a
    in a page here). So the api look for X-HTTP-Method-Override form param to override the http method
     – Mathieu Jul 24 '15 at 14:25
  • No browser supports DELETE in forms. It's not part of HTML. Anyway: a POST request is a POST request, no matter how many custom headers you attach to it. – Julian Reschke Jul 27 '15 at 04:13
  • @JulianReschke yes, maybe I shouldn't have mention this in the question. What I want to know was what was the correct status code of a successful DELETE. That I abused a form param to fake the http method was unrelated – Mathieu Jul 27 '15 at 09:40

1 Answers1

2

303 plus Location is the best choice. Don't worry about what a "successful DELETE" is or means, because you're using POST, which has a different set of semantics, and 303 is tailor-made for redirecting POST requests:

10.3.4 303 See Other

The response to the request can be found under a different URI and SHOULD be retrieved using a GET method on that resource. This method exists primarily to allow the output of a POST-activated script to redirect the user agent to a selected resource. The new URI is not a substitute reference for the originally requested resource. The 303 response MUST NOT be cached, but the response to the second (redirected) request might be cacheable.

fumanchu
  • 14,419
  • 6
  • 31
  • 36
  • maybe I shouldn't have said I was using a POST request: i'm using a POST a request here only because i can't d DELETE request in an HTML form (without javascript) other client will be doing a DELETE request. a POST+X-HTTP-method-override=DELETE request is seen by the controller as DELETE request. anyway, I think I will stick to 303 and mark you response as the answer if nobody came up with a better solution :) – Mathieu Apr 26 '11 at 08:44
  • I pick HTTP DELETE, and while returning proper 204 to be REST agnostic I passed redirect URL in headers – andilabs Apr 29 '20 at 12:28