307 Temporary Redirect
Redirect - Temporary, preserves HTTP method
HTTP 307 Temporary Redirect
What It Means
The HTTP 307 Temporary Redirect tells the client that the resource has temporarily moved to a different URL. Unlike 302, it guarantees that the HTTP method and body will not change when following the redirect.
307 vs 302: The Critical Difference
When redirecting a POST request:
- 302: Browser may change POST to GET (historical behavior)
- 307: Browser must keep POST as POST with same body
When to Use 307
- API redirects: When POST/PUT/DELETE must reach new endpoint with body intact
- Form submissions: Redirecting form POSTs to different handler
- HTTPS upgrade: HTTP → HTTPS while preserving POST data
- Load balancing: Temporarily routing requests to different server
Example Response
POST /api/orders HTTP/1.1
Host: example.com
Content-Type: application/json
{"item": "widget", "qty": 5}
---
HTTP/1.1 307 Temporary Redirect
Location: https://api2.example.com/api/orders
(Browser re-sends POST with same body to new URL)Redirect Code Comparison
| Code | Permanent? | Preserves Method? |
|---|---|---|
| 301 | Yes | May change to GET |
| 302 | No | May change to GET |
| 307 | No | Yes, guaranteed |
| 308 | Yes | Yes, guaranteed |
HSTS and 307
When HSTS (HTTP Strict Transport Security) is enabled, browsers internally use 307 to redirect HTTP to HTTPS. This is called an "internal redirect" and preserves the request method.
Implementation
Express.js
app.post('/old-endpoint', (req, res) => {
res.redirect(307, '/new-endpoint');
});Nginx
location /old-endpoint {
return 307 /new-endpoint;
}Important Notes
- Browser will ask user confirmation before resending POST with body
- For permanent method-preserving redirects, use 308
- Location header is required