Post/Redirect/Get

Diagram of a double POST problem encountered in user agents.
Diagram of the double POST problem above being solved by PRG.

Post/Redirect/Get (PRG) is a web development design pattern that allows for the page shown to the user after a form submission to be reloaded, shared or bookmarked without certain ill effects such as submitting the form another time.

When a web form is submitted to a server through an HTTP POST request, a web user that attempts to refresh the server response in certain user agents can cause the contents of the original POST request to be resubmitted, possibly causing undesired results, such as a duplicate web purchase.[1]

To avoid this problem, many web developers use the PRG pattern[2]—instead of returning a web page directly, the POST operation returns a redirection command. The HTTP 1.1 specification introduced the HTTP 303 ("See other") response code to ensure that in this situation, the web user's browser can safely refresh the server response without causing the initial POST request to be resubmitted. However, most common commercial applications in use today (new and old alike) still continue to issue HTTP 302 ("Found") responses in these situations.

The PRG pattern cannot address every scenario of duplicate form submission. For example, if a web user refreshes before the initial submission has completed because of server lag, a duplicate POST request will occur in certain user agents.

BookmarksEdit

User agents (such as browsers) store only the URI of an HTTP request as a bookmark. Because of this, an HTTP POST request that results in a response based on the body of the HTTP POST request cannot be bookmarked. By using the PRG pattern, the URI of the request can safely be bookmarked by a web user.

Proxy serversEdit

Since redirects are using absolute URIs, one has to take care about proxy servers (HTTP→HTTPS) and reverse proxy servers. If your application is such that a user uses an SSL tunnel to reach your site, this can cause problems also. (You may be able to use the Referer header to discover the domain and port the user is actually entering.)

ReferencesEdit

  1. ^ Grinberg, Miguel (2014). Flask Web Development. O'Reilly. pp. 44–46. ISBN 978-1-449-37262-0.
  2. ^ p36, "Universal Design for Web Applications", by Wendy Chisholm and Matt May, O'Reilly Media, Inc., 2008

External linksEdit