When you send a request with Postman and get a 301/302 redirect response, it follows the redirect with a forced GET. This means it sends a GET request to the redirect URL and doesn’t include the original HTTP method or Content-Type. This can result in two unexpected errors:
- 405 (Method Not Allowed).
- Example: You do POST request, it redirects with a GET request and fails since GET isn’t allowed.
- 415 (Media Type Unsupported).
- Example: You send a request with Content-Type=application/json. It redirects without the Content-Type, which causes the request to fail.
Here’s what this looks like in Postman Console. You can see the 301/302 redirect response followed by a GET request, resulting in a 415 error response:
There are two ways to avoid this problem: 1) Change Postman’s redirect behavior or 2) Return a Preserve Method redirect response. I’ll show how to do these next.
Option 1 – Change Postman’s redirect behavior
There are two ways to change Postman’s redirect behavior so it doesn’t do a forced GET redirect:
- Disable Automatically follow redirects (per-request or for all requests). This eliminates the issue completely.
- Or enable Follow original HTTP method (per-request only).
Here’s an example what the settings look like when you want it to automatically follow redirects using the original HTTP method:
Note: This is a per-request setting. You can’t set it globally for all requests (at least not in the current version).
This makes it follow 301/302 redirects using the original request HTTP method and Content-Type (if it has one). Therefore you won’t get the unexpected errors caused by the forced GET behavior.
Option 2 – Return a Preserve Method redirect response from your API
If you’re testing a web API that you can change, consider returning a Preserve Method redirect with status code 307 or 308 (instead of 301/302).
The standard convention is to return a 307/308 status code to indicate that the client should redirect using the original HTTP method. Postman handles Preserve Method redirects as expected (other clients do too – like HttpClient in .NET).
Of course, this is only a convention. You can define your API however you want. You can choose to simply return a 301 for all redirects if you want. Just be sure to explicitly state in your API documentation what redirect status codes you’re using and what the client should do with them.