Overview#
HTTP 302, the HTTP Status Code "Found", is a common way of performing URL redirection.
An HTTP 302 response additionally provides a URL in the Location HTTP Header Field. A response with this code invites the user-agent (e.g. a web browser) to make a second, otherwise identical, request to the new URL specified in the Location field. The HTTP/1.0 specification (RFC 1945) initially defined this code, and gives it the description phrase "Moved Temporarily".
Many web browsers implemented this code in a manner that violated this standard, changing the request type of the new request to HTTP GET, regardless of the type employed in the original request (e.g. HTTP POST). For this reason, HTTP/1.1 (RFC 2616) added the new status codes HTTP 303 and HTTP 307 to disambiguate between the two behaviours, with HTTP 303 mandating the change of request type to HTTP GET, and HTTP 307 preserving the request type as originally sent. Despite the greater clarity provided by this disambiguation, the HTTP 302 code is still employed in web frameworks to preserve compatibility with browsers that do not implement the HTTP/1.1 specification.
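The method handling described above, as an added example that is not part of the original page: a constructed local server issues 302, 303 and 307 redirects, and a minimal client follows each one the way the text describes, showing which codes cause the POST body to be sent again to the Location URL. The names `Handler`, `next_request` and `observe`, the `/r<code>` and `/target` paths and the sample form body are assumptions made for this illustration.

```python
import http.client
import socketserver
import threading
from http.server import BaseHTTPRequestHandler

class Handler(BaseHTTPRequestHandler):
    """Constructed server: /r<code> redirects to /target, which echoes what it got."""
    def _serve(self):
        body = self.rfile.read(int(self.headers.get("Content-Length") or 0))
        if self.path.startswith("/r"):
            self.send_response(int(self.path[2:]))   # e.g. /r302 -> 302
            self.send_header("Location", "/target")
            reply = b""
        else:
            self.send_response(200)
            reply = self.command.encode() + b" " + body
        self.send_header("Content-Length", str(len(reply)))
        self.end_headers()
        self.wfile.write(reply)
    do_GET = do_POST = _serve
    def log_message(self, *args):  # silence per-request logging
        pass

def next_request(status, method, body):
    """Method and body of the second request, per the behaviours described above."""
    if status == 307:
        return method, body      # request type preserved, so the body is resent
    if status == 303 or (status == 302 and method == "POST"):
        return "GET", None       # 303 mandates GET; 302 as many browsers treat it
    return method, body

def observe(status, method="POST", body=b"user=alice&token=constructed"):
    """Request /r<status>, follow the redirect once, return what /target received."""
    server = socketserver.TCPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        conn = http.client.HTTPConnection(*server.server_address, timeout=5)
        conn.request(method, f"/r{status}", body=body)
        resp = conn.getresponse()
        resp.read()
        method2, body2 = next_request(resp.status, method, body)
        conn.request(method2, resp.getheader("Location"), body=body2)
        return conn.getresponse().read().decode()
    finally:
        server.shutdown()
        server.server_close()

if __name__ == "__main__":
    for code in (302, 303, 307):
        print(code, "->", repr(observe(code)))
```

Only the 307 case delivers the original form body to the redirect target; with 302 and 303 the second request arrives as a bodiless GET.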
More Information#
There might be more information for this subject on one of the following:
- Authorization Response
- Covert Redirect Vulnerability
- HTTP 301
- HTTP Status Code
- Hybrid Flow
- OAuth 2.0 Security Best Current Practice
- OAuth 2.0 Vulnerabilities