
Be very careful with 301 and 308 redirects

Tobias Kraze
September 14, 2017
Software engineer at makandra GmbH

Browsers support different types of redirects.


Be very careful with these status codes:

  • 301 Moved Permanently
  • 308 Permanent Redirect

Most browsers seem to cache these redirects forever, unless you set different Cache-Control headers. If a redirect is sent without any cache control headers, you can never change it without forcing users to empty their cache.

Note

By default, Rails sends a header Cache-Control: max-age=0, private, must-revalidate with all responses, including redirects. That means redirects are never cached by browsers.

You do need to pay attention if you redirect outside of Rails, e.g. via your web server configuration.

Dealing with incorrectly cached redirects

The only fix is to keep redirecting the user to the correct page, so if you had

flowchart LR
  /page1--301-->/page2

but you want

flowchart LR
  /page1--301-->/page3

your only fix is to change it to

flowchart LR
  /page1--301-->/page2
  /page2--301-->/page3

This means that /page2 will become unusable as its own page.

Note that a 301 with an explicit expiry via Cache-Control is fine, and might be preferred for SEO purposes.
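One way to check redirects for this problem, as an added example that is not part of the original card: a Ruby function that classifies a redirect response by how long a browser may reuse it, following the rules described above. The names redirect_cache_risk and unbounded_redirects and the sample responses are constructed for illustration.

```ruby
# Added example: how long may a browser reuse a redirect response?
PERMANENT_REDIRECTS = [301, 308].freeze

# Parse a Cache-Control value into { "directive" => argument_or_true }.
def parse_cache_control(value)
  value.to_s.split(",").each_with_object({}) do |part, directives|
    name, arg = part.strip.split("=", 2)
    next if name.nil? || name.empty?
    directives[name.downcase] = arg ? arg.delete('"') : true
  end
end

# Returns [verdict, detail] for a response status and its headers.
def redirect_cache_risk(status, headers)
  return [:not_permanent, nil] unless PERMANENT_REDIRECTS.include?(status)

  h  = headers.transform_keys { |k| k.to_s.downcase }
  cc = parse_cache_control(h["cache-control"])
  return [:not_stored, nil]  if cc.key?("no-store")
  return [:revalidated, nil] if cc.key?("no-cache")

  max_age = cc["max-age"]
  if max_age.is_a?(String) && max_age.match?(/\A\d+\z/)
    seconds = max_age.to_i
    return seconds.zero? ? [:revalidated, 0] : [:bounded, seconds]
  end
  return [:bounded, h["expires"]] if h.key?("expires")

  # No explicit lifetime: the case the card warns about.
  [:unbounded, nil]
end

# Constructed sample responses (path, status, headers), not real captures.
SAMPLES = [
  ["/page1", 301, { "Location" => "/page2" }], # bare web server redirect
  ["/old",   301, { "Location" => "/new",
                    "Cache-Control" => "max-age=0, private, must-revalidate" }], # Rails default
  ["/promo", 308, { "Location" => "/sale", "Cache-Control" => "public, max-age=3600" }],
  ["/login", 302, { "Location" => "/session/new" }]
].freeze

# Paths whose redirect a browser may keep with no expiry.
def unbounded_redirects(samples)
  samples.select { |_, status, headers| redirect_cache_risk(status, headers).first == :unbounded }
         .map(&:first)
end

puts unbounded_redirects(SAMPLES).inspect if $PROGRAM_NAME == __FILE__
```

Only /page1 is flagged: it is a 301 with no Cache-Control or Expires header, so its target cannot be changed later for users who have already followed it.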

Posted by Tobias Kraze to makandra dev (2017-09-14 17:25)