Description#
When the browser navigates to a URL and receives an HTTP redirect response (3xx status code), it should automatically follow the redirect chain to the final destination.
Requirements#
Redirect Status Codes#
- 301 Moved Permanently — follow redirect, change POST to GET
- 302 Found — follow redirect, change POST to GET (de facto behavior)
- 303 See Other — follow redirect, always use GET
- 307 Temporary Redirect — follow redirect, preserve original method and body
- 308 Permanent Redirect — follow redirect, preserve original method and body
Behavior#
- Follow the `Location` header to the next URL
- Resolve relative `Location` URLs against the request URL
- Limit redirect chain to 20 hops (prevent infinite redirect loops)
- Update the displayed URL to the final URL after all redirects
- Update the history entry URL to the final URL
- Preserve (or strip) request headers appropriately across redirects
- Strip `Authorization` header when redirecting to a different origin
- Handle redirect loops gracefully (show error page, don't hang)
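
The status-code and behavior rules above, applied hop by hop, as an added example (not the project's own code). `followRedirects`, `MAX_HOPS`, `SAMPLE` and the `responses` lookup table that stands in for the network are hypothetical names, and dropping `Content-Type`/`Content-Length` together with the body is an assumption.

```javascript
const MAX_HOPS = 20; // chain limit from the requirements above
const REDIRECT = new Set([301, 302, 303, 307, 308]);

// `responses` maps absolute URL -> { status, location }; a constructed stand-in for the network.
function followRedirects(startUrl, init, responses) {
  let url = new URL(startUrl);
  let method = init.method || 'GET';
  let body = init.body ?? null;
  // Lower-case header names so matching is case-insensitive.
  const headers = Object.fromEntries(
    Object.entries(init.headers || {}).map(([k, v]) => [k.toLowerCase(), v]));
  const seen = new Set([`${method} ${url.href}`]);

  for (let hops = 0; ; hops++) {
    const res = responses[url.href] || { status: 200 };
    if (!REDIRECT.has(res.status) || !res.location) {
      return { ok: true, url: url.href, redirected: hops > 0, method, headers, body };
    }
    if (hops >= MAX_HOPS) return { ok: false, error: 'too many redirects', url: url.href };

    const next = new URL(res.location, url); // resolves relative Location values
    // 303 always becomes GET; 301/302 turn POST into GET; 307/308 keep method and body.
    if (res.status === 303 || ((res.status === 301 || res.status === 302) && method === 'POST')) {
      method = 'GET';
      body = null;
      delete headers['content-type'];   // assumption: body headers go with the body
      delete headers['content-length'];
    }
    // Credentials must not follow the request to a different origin.
    if (next.origin !== url.origin) delete headers['authorization'];

    const key = `${method} ${next.href}`;
    if (seen.has(key)) return { ok: false, error: 'redirect loop', url: next.href };
    seen.add(key);
    url = next;
  }
}

// Constructed sample table: a relative hop, a cross-origin hop, and a two-URL loop.
const SAMPLE = {
  'https://app.example/login': { status: 302, location: '/session' },
  'https://app.example/session': { status: 307, location: 'https://cdn.example/home' },
  'https://app.example/a': { status: 301, location: '/b' },
  'https://app.example/b': { status: 301, location: '/a' },
};
```

Loop detection here keys on method plus URL and does not model cookies or other state that a response might change between hops; the 20-hop limit remains the backstop for chains that never repeat a URL.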
Integration#
- Works for both top-level navigation and subresource fetches (images, CSS, scripts)
- `location.href` reflects the final URL after redirects
- Redirect info available for fetch API (`response.redirected`, `response.url`)
Acceptance Criteria#
- 301/302/303 redirects are followed and method changed to GET
- 307/308 redirects preserve the original method
- Redirect chain limit of 20 is enforced
- Redirect loops are detected and produce an error
- Final URL is reflected in the address bar and `location.href`
- Cross-origin redirects strip sensitive headers
- Unit tests for each redirect status code and edge cases