Home > Software engineering >  Should `Location` header be returned on `POST` if the URL didn't change?
Should `Location` header be returned on `POST` if the URL didn't change?

Time:12-15

I'm trying to determine whether or not the Location header should be included as result of a POST call, when a new resource is created and the its url doesn't change.

For what I understand from the doc, the Location is needed if you want to return to a different location.

The HTTP rfc says:

"redirect the recipient to a location other than the Request-URI"

14.30 Location

The Location response-header field is used to redirect the recipient to a location other than the Request-URI for completion of the request or identification of a new resource. For 201 (Created) responses, the Location is that of the new resource which was created by the request.[...]

Mozilla docs say:

"its location being either the URL of the request, or the content of the Location header"

The HTTP 201 Created success status response code indicates that the request has succeeded and has led to the creation of a resource. The new resource is effectively created before this response is sent back and the new resource is returned in the body of the message, its location being either the URL of the request, or the content of the Location header.

What makes me doubt is the "other than" and "or" parts

CodePudding user response:

The HTTP rfc says...

FYI: that's out of date. The authoritative definition of an HTTP header is (currently) found by checking the HTTP Field Name Registry to find the registered reference for a field.

For the Location header, the current reference is https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-semantics#section-10.2.2

I'm trying to determine whether or not the Location header should be included as result of a POST call, when a new resource is created and the its url doesn't change.

So here's what we have in today's specification of POST:

If one or more resources has been created on the origin server as a result of successfully processing a POST request, the origin server SHOULD send a 201 (Created) response containing a Location header field that provides an identifier for the primary resource created (Section 10.2.2) and a representation that describes the status of the request while referring to the new resource(s).

We can also look at 201 Created

The _201 (Created)_ status code indicates that the request has been fulfilled and has resulted in one or more new resources being created.  The primary resource created by the request is identified by either a Location header field in the response or, if no Location header field is received, by the target URI.

So in the case where the primary resource created is identified by the target URI, omitting the Location header means the same thing as including it.

So you've got options. I'm biased toward including it - when a human being is looking at the response headers, they are probably distracted by a problem (who reads headers for fun), and requiring the human to remember the target URI / cross reference against the request is unnecessary strain.

CodePudding user response:

I've got to the conclusion to always include the Location header regardless of whether or not the request uri is the same, that way when a resource is created the response is consisten across the board.

  • Related