Rectangle 27 0

Is HTTP POST request allowed to send back a response body?


I read that as saying "...redirect... or... identif[y]... new resource", but it's not exactly a plain English sentence.

I was replying to the question at the end of the body text, not the question in the title.

I was thinking on the same lines. Just wanted to make doubly sure. Thanks Rob.

It is perfectly acceptable to specify a response body and use the Location header at the same time. When using the Location header with a 201 response, you're not redirecting the client, you're just telling it where it can find the resource in future.

The Location response-header field is used to redirect the recipient to a location other than the Request-URI for completion of the request or identification of a new resource. For 201 (Created) responses, the Location is that of the new resource which was created by the request. For 3xx responses, the location SHOULD indicate the server's preferred URI for automatic redirection to the resource.

The W3C docs for this explain further, though the text is actually quite ambiguous:

What is the answer? is it "in a word, no" or "you can specify a response body and use the Location header at the same time"?

wondered that also; suggest a rephrase

Note
Rectangle 27 0

Is HTTP POST request allowed to send back a response body?


Based on paragraph 9.5 of the HTTP 1.1 specification, which is the reference for questions like that, here is my understanding:

If a resource has been created on the origin server, the response SHOULD be 201 (Created) and contain an entity which describes the status of the request and refers to the new resource, and a Location header (see section 14.30).

Responses to this method are not cacheable, unless the response includes appropriate Cache-Control or Expires header fields. However, the 303 (See Other) response can be used to direct the user agent to retrieve a cacheable resource.

The action performed by the POST method might not result in a resource that can be identified by a URI. In this case, either 200 (OK) or 204 (No Content) is the appropriate response status, depending on whether or not the response includes an entity that describes the result.

Yes you can, and the specification is clear about what you can do and how to do it:

Note