Add 307 / 308 Redirect Status Code Support

[davidwin93]

What type of PR is this? /kind bug /area conformance-test

What this PR does / why we need it:

This PR allows users to select either a 307 or 308 status code along with the existing options of 301 and 302. This matches RFC 9110 and by letting users select 308 it will match the existing nginx ingress behaviour of using a 308 for HTTP -> HTTPS redirects.

Which issue(s) this PR fixes:

Fixes #2748

Does this PR introduce a user-facing change?: This will allow users to select 307 or 308 as redirect status codes along with 301 and 302.

Adds support to select 307 or 308 status codes along with the current options of 301 and 302

[k8s-ci-robot]

Welcome @davidwin93!

It looks like this is your first PR to kubernetes-sigs/gateway-api 🎉. Please refer to our pull request process documentation to help your PR have a smooth ride to approval.

You will be prompted by a bot to use commands during the review process. Do not be afraid to follow the prompts! It is okay to experiment. Here is the bot commands documentation.

You can also check if kubernetes-sigs/gateway-api has its own contribution guidelines.

You may want to refer to our testing guide if you run into trouble with your tests not passing.

If you are having difficulty getting your pull request seen, please follow the recommended escalation practices. Also, for tips and tricks in the contribution process you may want to read the Kubernetes contributor cheat sheet. We want to make sure your contribution gets all the attention it needs!

Thank you, and welcome to Kubernetes. :smiley:

[k8s-ci-robot]

Hi @davidwin93. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[robscott]

Thanks @davidwin93, this will be a great improvement!

/ok-to-test

[LiorLieberman]

/cc

[mikemorris]

Note: For historical reasons, a user agent MAY change the request method from POST to GET for the subsequent request. If this behavior is undesired, the 307 (Temporary Redirect) or 308 (Permanent Redirect) status code can be used instead.

Is there any suggestion that we would want to include in docs for this behavior for 301 and 302 responses?

[kflynn]

I'd like to see the user-facing docs updated as part of this PR -- thanks!!

[davidwin93]

@LiorLieberman in regards to SupportedFeature do I need to wait for this to get in first? Do you happen to have any examples of any in flight work that is currently using this functionality, or would this be the first change to leverage supported features?

[candita]

this may benefit from a SupportedFeature for gradual enablement, because if this gets in, if there is any implementation that does not support 307 and 308 they go out of conformance

Can we add this as Extended (optional)?

[LiorLieberman]

@LiorLieberman in regards to SupportedFeature do I need to wait for this to get in first? Do you happen to have any examples of any in flight work that is currently using this functionality, or would this be the first change to leverage supported features?

no, these are two different things. when I said supported features I really meant a FeatureName - like https://github.com/kubernetes-sigs/gateway-api/blob/main/conformance/tests/httproute-response-header-modifier.go#L40 for example.

And @candita, to your point, adding a featureName would mean it is initially extended, but as said during the meeting, we should communicate clearly we are only doing it for gradual enablement, with intentions to move it to core (and remove the featureName) once we communicated it enough

[LiorLieberman]

@davidwin93 let me know if you need any assistance with this.

See recent commit that did the same thing almost - https://github.com/kubernetes-sigs/gateway-api/pull/3826/commits/e77c6120ea5bd66822f61c73225697b4c9e88010

[davidwin93]

@LiorLieberman thanks for that example. I've added some new tests with a new feature. I assume I should revert my changes to the existing conformance tests?

Ill also work on updating the docs shortly.

[sybereal]

Not sure if this needs to take a step back in terms of process, but I was wondering if it would be possible to also add the 303 status code to cover the entire space of redirect codes.

303 is a more standardized alternative to 302 which is already supported. There is some inconsistency in whether clients preserve the original request body and method or switch to GET with 302, while 303 clearly defines this behavior.

[mikemorris]

I'd be supportive of adding 303 as an acceptable analogue for 302 too @sybereal, adding support for that was a specific request from our Application Gateway for Containers team at Microsoft.

/cc @JackStromberg

[JackStromberg]

[like] Jack Stromberg reacted to your message:

---

From: Mike Morris @.> Sent: Thursday, June 26, 2025 4:25:09 PM To: kubernetes-sigs/gateway-api @.> Cc: Jack Stromberg @.>; Manual @.> Subject: Re: [kubernetes-sigs/gateway-api] Add 307 / 308 Redirect Status Code Support (PR #3823)

[https://avatars.githubusercontent.com/u/1149913?s=20&v=4]mikemorris left a comment (kubernetes-sigs/gateway-api#3823)https://github.com/kubernetes-sigs/gateway-api/pull/3823#issuecomment-3009056745

I'd be supportive of adding 303 as an acceptable analogue for 302 too @syberealhttps://github.com/sybereal, adding support for that was a specific request from our Application Gateway for Containers team at Microsoft.

— Reply to this email directly, view it on GitHubhttps://github.com/kubernetes-sigs/gateway-api/pull/3823#issuecomment-3009056745, or unsubscribehttps://github.com/notifications/unsubscribe-auth/ADSTTY6SGIIJIVJXTQ6K32T3FQNGLAVCNFSM6AAAAAB6EJLAHOVHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMZTAMBZGA2TMNZUGU. You are receiving this because you are subscribed to this thread.Message ID: @.***>

[youngnick]

I agree that adding 303 while we're adding things makes sense too, and I also agree that the user-facing docs should be updated as part of this.

Also very important to call this out as a planned transition, maybe with a timeline deprecating this FeatureName and moving it into Core conformance. I'd suggest adding this in v1.4, and planning on removing this Feature and making it conformance in v1.8 (probably early 2027).

[robscott]

Also very important to call this out as a planned transition, maybe with a timeline deprecating this FeatureName and moving it into Core conformance. I'd suggest adding this in v1.4, and planning on removing this Feature and making it conformance in v1.8 (probably early 2027).

@youngnick To clarify, are you suggesting adding a temporary feature name to cover these new status codes with the idea that it would merge into the existing feature name in the future?

[youngnick]

Yes, that's it. We haven't done that before, but I don't see why we can't, as long as we document everything clearly.

[robscott]

Yes, that's it. We haven't done that before, but I don't see why we can't, as long as we document everything clearly.

SGTM, look like we're on the same page here, just wanted to confirm.

[davidwin93]

@youngnick for documentation would updating this doc be the correct place or should this be documented elsewhere?

[robscott]

@youngnick for documentation would updating this doc be the correct place or should this be documented elsewhere?

Yep, that looks correct to me

[LiorLieberman]

@davidwin93 just checking in, anything we can help with?

[davidwin93]

@LiorLieberman Sorry it's been a bit busy. Im planning on getting back to this in the next few days.

[davidwin93]

@LiorLieberman this should be good for another pass. I believe I've addressed the comments correctly.

[rikatz]

do we have some implementation already supporting these return codes, just so we can do a run and guarantee that conformance is also ok?

Thanks!

[josh-pritchard]

Thanks everyone for the work and discussion on this. I completely understand why this has taken some time to make it in, and also why it didn't make the most recent release. These things happen, and the process around release management and validation criteria is important to keep stable.

That said, I do want to highlight a concern from the perspective of downstream adopters and integrators. When changes like this can't make it into a patch or minor release—even when they're relatively small, such as expanding an enum or adding a bit of CEL validation—it effectively means that these improvements can take close to a year to reach users, given the six-month release cadence.

That long gap can make it difficult for projects building on Gateway API to support their users or align on conformance, especially when a missing option or validation rule blocks certain use cases. Over time, this can lead to the same challenges that the Ingress API experienced, where implementations resorted to annotations or custom extensions to fill gaps that the upstream API couldn't evolve quickly enough to cover. You can see in the reference above where we have moved to do exactly that in kgateway due to this not merging and that given prior discussion here our understanding is that changes like this can only go in minor versions.

For those reasons, I'd like to suggest we re-evaluate how we classify and handle changes like this. It seems like there should be a safe path for small, backward-compatible improvements to land in patch releases, especially when they improve expressiveness or correctness without changing behavior or compliance.

Really appreciate everyone's continued work here; I just want to make sure Gateway API can keep evolving fast enough to stay broadly usable across the ecosystem.

[kflynn]

This is part of the point of the changes discussed in #4164 -- the idea is that yes, it should be faster to get things into an experimental-channel release that people can experiment with.

[josh-pritchard]

Thanks @kflynn! A very timely discussion, from a skim I think moving to a model of monthly releases for the experimental channel makes a lot of sense. To make sure I understand correctly, in the context of this PR where there is an agreed upon change that should be made to the stable & experimental versions simultaneously, it just means that the changes would be available at most within a month of merging via the experimental channel? Then they will be in the next stable release whenever that happens?

[robscott]

That said, I do want to highlight a concern from the perspective of downstream adopters and integrators. When changes like this can't make it into a patch or minor release—even when they're relatively small, such as expanding an enum or adding a bit of CEL validation—it effectively means that these improvements can take close to a year to reach users, given the six-month release cadence.

You're completely right, this took too long to get in. Improving this is a big focus for us, a big thanks to @kflynn for helping move this forward.

[robscott]

There was some concern if this was too late to squeeze in before v1.4, but now that that release is out, I think it's past time to get this change in.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: davidwin93, robscott

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• ~~OWNERS~~ [robscott]

Approvers can indicate their approval by writing /approve in a comment Approvers can cancel approval by writing /approve cancel in a comment