How to redirect to another address?

So I'm pretty new to making a website and I'm still learning,
I have designed a login page so far and have written two nodes for this page, one for generating an authorization-token, another to check the validity of a token against the database and the validity of the session based on time.
Here are two things I'm stuck on:

1 - I used another sample upload project to see how requests and responses work with the http-in and http-response nodes, the page is loaded according to what is loaded from the template node (html code) so I wonder shouldn't the browser use the response header's? as I set the location header for the response in http-out node but that is not used. which brings me to this point: what are these headers used for if they are not translated by the browser? (what I have read before was that the request and response had headers which are used by the browser itself.)

2 - Assuming we have cleared the problem before, how can I send the data read from the page (template node containing html) to the function node without using http-response and http-in excessively (should I use the http-request node in between them?) and then use that function node to redirect to different locations?

Again I'm sorry if my questions are basic but I have been doing all the work by myself for getting this up and running and learning so many different things to do it that I get confused sometimes, and I have had no experience in designing a website before.

(I do have general knowledge about GET and POST, request codes, I use JS to do the coding, for now the webpage is just a prototype I got the code from another site only to be able to test my back end, it will definitely be redesigned once the back-end works correctly)

here is the part of the flow that contains most of the things I'm currently working on and mentioned here:

note that the template node is to be connected to the function and http-in

Which status code did you give the location header ? It will only work with a 201 or 302 i believe.

tried setting msg.statuscode to 302 (msg.statuscode = 302), but still did not redirect to the location header included in the response
EDIT: neither did setting it to 201 help. the thing is the html code is set to redirect the page to page x, but I have set the location Header on the http-response (and in a function before that : msg.res.location = "page y") to page y , but the result is still redirecting to page x

Am I getting wrong how the location header should work?

JavaScript is case sensitive. It would be msg.statusCode

Use your browsers dev tools --> network tab to see what status code you are actually getting at the browser.

my bad, didn't realize the c was capital in the first place, the 201 code did not work either way, but 302 worked as a test , will try to get it to work with the actual addresses.

should any other code work with the location?

also how can I do a masked redirect with this method? I want to redirect every user to a different address but don't let them actually know what it is?

A 201 informs that a new location resource was created and can be accessed under that location.
Note that these response codes are not just for browsers, but mainly applications that interact with things like API's.

I want to redirect every user to a different address but don't let them actually know what it is?

That is not possible - if you mean to display non-existing url.

If you mean a url with some token parameter on the end, then yes. Often these things are handled via session cookies though, depending on what you actually want to do.

Ok I think I asked it wrongly,
Every user will be redirected to a different url
User a to http://url/x
User b to http://url/y
User c to http://url/z
The question is not how to do it, and isn't about wether that url exists or not

I don't want the user to see it as http://url/x or http://url/z,
I want them all to see it as http://url/
As to mask the user specific subdomains, they are accessing different URLs but they all see one Unified URL
In short terms I want to hide the redirected URL from the users

The easiest approach to this is to use a reverse proxy rather than Node-RED. It would do this easily. Have a look at setting up NGINX or Caddy for example.

In fact I am using nginx (nginx Proxy Manager) to setup a reverse proxy, the problem is I setup nginx on my own and it did not work at all, and when I use the nginx Proxy Manager I still can't give it a location to connect to, and here is more details:

I have a couple of docker containers on Ubuntu and I can access these Docker containers through ports, but when I assign a location to be rerouted to that port through nginx Proxy Manager, the servers wants to load a web page at that location instead of connecting to that port, this is where I am having trouble, redirecting a location through the reverse proxy to a port.
(Also I still have problem understanding the docker ports conception of publishing more or less, but for now this is my main problem)

I've previously shared some config and you can find some details in the uibuilder tech docs How to use NGINX as a reverse proxy with TLS and identity authentication ( - that is somewhat uibuilder focussed but generally applies to node-red.

ok thanks , I will look at that and try implementing them,
also another matter,
How can I send the submit result from a button (sent with /POST method) written in a template html directly to a function node afterwards? by directly I mean without sending it to another webpage or file, as you know a form has the action property and submit acts according to that, and that action accepts either a file or location

Depends what you are using for your web app.

If using raw http-in/-out, you must define another web page to accept the POST. Or you could add a websocket client to your origin page and send to a websocket-in node.

However, this is one of the reasons I wrote uibuilder. It handles all the comms for you and you get a pre-configured event handling function that you can attach to the click event of a button (or any other DOM event for that matter).

Yeah I get that and uibuilder seems like a descent solution for creating a web app, specially in my case which I already have problems with using an external JS library, but since I am on a deadline and I have to deliver at least a trial version I have to postpone using uibuilder to a later delivery, since I have to learn How to use it first.
but from what I already saw uibuilder really fills a large gap that solves a lot of problems and simplifies writing a webapp or webpage to a degree.
I am using this only as an authentication gateway to deliver access to a number of docker containers based on specific user.

Well, not what you want to here I'm sure but I don't believe I would have used Node-RED for that use case at all I'm afraid. Your proxy could have done everything and ther are plenty of internet tutorials to help.

Anyway, you are where you are so an http-in/-out flow is what you will want to use to handle the POST response. This is the simplest approach if using Node-RED and it won't take you long to put together. Just remembe that the http-out node will need to return a redirect so that the login results in the users browser going (back?) to the correct page (either the information page requested or the login page with suitable errors showing).

hey, thanks for the further information, well I have some problems with the proxy and so far I do everything said in several online tutorials but can't even get the redirection part of the reverse proxy working so I had to use the Nginx proxy manager docker container, that one is the only one I could get it to work using the GUI provided for Nginx.
I get what you say but I'm technically experience-less in this matter so I figured using Node-red would save me some time by simplifying some problems.
so far I managed to get the login working in addition to a sqlite db for now, have the cookies set in the browser too, , and get them back with the request, although I did something wrong and implemented checking the cookies after receiving the login credentials, which I believe would be wrong and I have to do it before the page actually loads so if the cookie is valid the whole process of loading the login page and else would be bypassed to the desired result.
but right now I'm having problem with revoking a session cookie manually, although I figured I can do it on the serverside , but it would be better if I could delete the cookie in the browser on revoke too.

BTW as far as I saw the NGINX authentication needed an actual authentication server anyway, so I guss the best way it could have done this thing was if I implemented the login page inside the nginx and then sent the data to the authentication server and would get the response back which again would still need me to create an authentication server which I would do the coding eventually so I don't think that part would be much different in the end,

and frankly every tutorial I found on how to use Nginx for authentication involved a company's module to be bought and used with it and the tutorials where provided by the same companies selling their authentication services, which are technically our competitors :sweat_smile: so I can't use any outside paid material, and I could not find any tutorial regarding implementing authentication using opensource softwares or doing it yourself.

(also note that the internet has been heavily censored and controlled by the GOV in my country for the last two months, so my access to the internet has become so much limited unfortunately, I can't even open the node-red official pagenode )

OK, so the "easy" route is out then :smiley:

Yes, that is correct. And to do that it depends on what you are using to deliver your web endpoints. With node-red's native http-in/-out nodes, you can simply check and route to a suitable response. With Dashboard, you might be able to use some middleware (I don't do anything complex with Dashboard). If you used uibuilder, you could certainly use middleware both for the ExpressJS web server and the Socket.IO websocket comms.

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.