Just do hexo page optimization, we found a local test returns http 307. I've never seen this response code, then do some research.
related articles:
http 307
In rfc specification, http 307 Temporary Redirect is a temporary redirect.
Redirection is usually common:
- 301: Permanently Moved, permanent redirect
- 302: Temporarily Moved, temporary redirect
The difference is that HTTP 307 and 302: 307 requires that the client does not change the original request method, URI specified in the Location header access. For 302, realize a lot of clients that use the GET direct access to the redirection address.
example
Client requests
1 |
POST /index.php HTTP/1.1 |
Server responds
1 |
HTTP/1.1 307 Temporary Redirect |
Then the client must redirect access POST method https://www.example.org/
.
Local test generation http 307
The next _config.yml
configuration
1 |
# Internal version: 2.1.5 & 3.5.7 |
Usually write url address, typically http or https, but there are examples next //
.
//
Meaning that the agreement follows the current page. If the current page is http protocol, then sent out a request is http; if the current page is https, then the issue go away https. //
The benefits of writing is that no agreement concerns only need to focus URI path. If one day change occurs protocol, such as http upgraded to a full stop https, you do not have to modify the code completely.
But this does not explain why the returned http 307.
A closer look at response header, in addition to Location
indicating the redirection address, there
1 |
Non-Authoritative-Reason: HSTS |
HSTS is HTTP Strict Transport Security (English: HTTP Strict Transport Security), mentioned in the previous article:
Because the local test, using the http://localhost:4000
access, so //
the page protocol is http. But cloudflare.com opened HSTS, all requests must be https protocol. The original http request for cloudflare.com must be upgraded to https.
In fact, the 307 response is not generated cloudflare.com, chrome browser is doing a good thing.
The way Chrome shows this in the network tab is by creating a dummy 307 response with a redirect to the https version of the address. But that’s a fake response and is not generated by the server - the reality is Chrome did that internally before the request even went to the server.
We note that, rfc is defined http 307 Temporary Redirect, and shot shows Internal Redirect. Recall HSTS only take effect after the 1st http access. If you do not do this chrome return, what will be the process of it:
- Local client http access cloudflare.com
- To access the server resources with https indicate the way
- So https local clients to access resources cloudflare again
Way more than a network request.
Because chrome HSTS maintain a list of sites, you must know cloudflare way to https request. After then intercepts http requests to https direct access, while the dummy 307 made in response.
Small experiment
The next is _config.yml
from //
modified to https://
test again
It is a direct http 200.
summary
//
Dead than to write specific http, https more flexible, recommended- http 307 Temporary Redirect, temporary redirect, not a request to change the way customers
- chrome know HSTS site, http request will be automatically rewritten as HTTPS these sites, and increase header in Response
Non-Authoritative-Reason: HSTS
, and the response code 307 is parsedInternal redirect
The author ycwu314, backup address https://ycwu314.github.io/p/http-307/