cfhttp fails to redirect on post

Hi @Michael Offner,

I've checked this cfhttp produce different results between GET and POST & Lucee act same as ACF. I hope this is not a bug, So can I close this ticket ?

Lucee _does _follow a 303 redirect using GET. For historical reasons, it seems 302 is misunderstood and wrongly used by most clients, and thus appears to have been replaced by 303 (use GET) & 307 (resubmit request matching original method)

https://en.wikipedia.org/wiki/HTTP_302
https://en.wikipedia.org/wiki/HTTP_303

I think that Lucee could follow the 302 with a GET as do most clients, but it would break any Lucee code which is not expecting 302 to behave this way. And since 303 is working in Lucee to the HTTP spec, I'd say that is sufficient going forward.

I don't think this is just an issue of redirecting the POST (that is, re-POSTing the data), which Mark and Mica are correct. Consider the common POST-redirect-GET architecture of a web application, wherein a form POSTs to an endpoint, which that endpoint returns a 302 location of the updated resource, then the browser redirects to the GET of that resource. Now, that scenario is certainly browser specific behavior, so should Lucee HTTP mimic a browser here?

The simple workaround is to make another http request using the location path from the prior request. Though I think it would be more obvious to users if Lucee receives a 302 on a POST, to follow that location with a GET to the location.

Thoughts?

http://programmers.stackexchange.com/questions/99894/why-doesnt-http-have-post-redirect
"Note that according to the W3.org spec, when the METHOD is not HEAD or GET, user agents should prompt the user before re-executing the request at the new location. You should also provide a note and a fallback mechanism for the user in case old user agents aren't sure what to do with a 307."

This is not really a bug, as far as I remember the underplaying library does not support this for security reasons. I will check.