Use 308 redirect instead of 301

[mkirkeng-leukeleu]

This is to make sure the HTTP method and body are kept intact when redirecting (see https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Status/308 for more). Previously any non-GET request to the http:... or www.... urls would be redirected (which is correct) but their methods would be reset to GET and the body lost.

[mkirkeng-leukeleu]

If we like this we should probably upstream this to DCS.

[153957]

Where did you encountered an issue with requests changing methods? Was it specific for the OIDC case?
Perhaps errors in other cases could indicate misconfiguration and should be fixed elsewhere (configuration)?

[mkirkeng-leukeleu]

Where did you encountered an issue with requests changing methods? Was it specific for the OIDC case? Perhaps errors in other cases could indicate misconfiguration and should be fixed elsewhere (configuration)?

IIRC it was noticed because of headless hidp. Request to DRF still go though nginx and any POST/PUT/PATCH requests would loose their body if send to an url without the www subdomain. So locally I would POST something to https://hidp.test and it would fail.

Edit: technically I think it's the client that changes the method but that's allowed according to the spec on a 301 but not for a 308, see the first callout on this page.

[153957]

Ok, so a 'newer' client could have been used, or queries performed directly to the www.hidp.test domain. I assume the queries (to the non-www domain) showed strange and unintuitive/unexpected errors, so this would help avoid that?

[mkirkeng-leukeleu]

Well the client in this case is just any client using the javascript fetch 😛 but yes queries directly to www. would also be a workaround (the one I have been using so far). But that's just a workaround and doesn't fix the issue. If forex. we configure any of our frontend applications to call the backend API using a url without the www. it would break there as well.