From edb7699d1f321bc01e49567318d5db08b831ea54 Mon Sep 17 00:00:00 2001
From: Tim van Dijen <tim.dijen@minbzk.nl>
Date: Wed, 5 Jan 2022 11:02:12 +0100
Subject: [PATCH] Simplify HTTP status code to always be 303 on redirect
 (#1538)

---
 lib/SimpleSAML/Utils/HTTP.php | 15 +--------------
 tests/www/IndexTest.php       |  6 +++---
 2 files changed, 4 insertions(+), 17 deletions(-)

diff --git a/lib/SimpleSAML/Utils/HTTP.php b/lib/SimpleSAML/Utils/HTTP.php
index 278211d6a..f50db2605 100644
--- a/lib/SimpleSAML/Utils/HTTP.php
+++ b/lib/SimpleSAML/Utils/HTTP.php
@@ -225,26 +225,13 @@ class HTTP
             $url = $this->addURLParameters($url, $parameters);
         }
 
-        /* Set the HTTP result code. This is either 303 See Other or
-         * 302 Found. HTTP 303 See Other is sent if the HTTP version
-         * is HTTP/1.1 and the request type was a POST request.
-         */
-        if (
-            $_SERVER['SERVER_PROTOCOL'] === 'HTTP/1.1'
-            && $_SERVER['REQUEST_METHOD'] === 'POST'
-        ) {
-            $code = 303;
-        } else {
-            $code = 302;
-        }
-
         if (strlen($url) > 2048) {
             Logger::warning('Redirecting to a URL longer than 2048 bytes.');
         }
 
         if (!headers_sent()) {
             // set the location header
-            header('Location: ' . $url, true, $code);
+            header('Location: ' . $url, true, 303);
 
             // disable caching of this response
             header('Pragma: no-cache');
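Review bot: The literal `303` in `header('Location: ' . $url, true, 303);` is now unexplained, because the commit removes the only comment about the status code together with the branch. A short comment above the call would keep the reasoning, for example `// Always 303 See Other: the user agent follows with GET, so a POST body is never re-sent to the redirect target`. Dropping the `SERVER_PROTOCOL` check also means HTTP/1.0 clients now receive 303, a code that protocol version does not define; if such clients are still supported, that is worth a line in the upgrade notes. The enclosing method starts and ends outside this hunk, so whether `$url` is validated before being concatenated into the header, and what happens when `headers_sent()` is true, cannot be judged from here.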
diff --git a/tests/www/IndexTest.php b/tests/www/IndexTest.php
index cd057203a..dcca01119 100644
--- a/tests/www/IndexTest.php
+++ b/tests/www/IndexTest.php
@@ -74,7 +74,7 @@ class IndexTest extends TestCase
         $resp = $this->server->get('/index.php', [], [
             CURLOPT_FOLLOWLOCATION => 0,
         ]);
-        $this->assertEquals('302', $resp['code']);
+        $this->assertEquals('303', $resp['code']);
         $this->assertEquals(
             'http://example.org/simplesaml/module.php/core/login',
             $resp['headers']['Location']
@@ -87,7 +87,7 @@ class IndexTest extends TestCase
         $resp = $this->server->get('/index.php', [], [
             CURLOPT_FOLLOWLOCATION => 0,
         ]);
-        $this->assertEquals('302', $resp['code']);
+        $this->assertEquals('303', $resp['code']);
         $this->assertEquals(
             'https://example.org/module.php/core/login',
             $resp['headers']['Location']
@@ -100,7 +100,7 @@ class IndexTest extends TestCase
         $resp = $this->server->get('/index.php', [], [
             CURLOPT_FOLLOWLOCATION => 0,
         ]);
-        $this->assertEquals('302', $resp['code']);
+        $this->assertEquals('303', $resp['code']);
         $this->assertEquals(
             'http://' . $this->server_addr . '/simplesaml/module.php/core/login',
             $resp['headers']['Location']
-- 
GitLab