mod_http_oauth2: Switch to '303 See Other' redirects This is the recommendation by draft-ietf-oauth-v2-1-07 section 7.5.2. It is the only redirect code that guarantees the user agent will use a GET request, rather than re-submitting a POST request to the new URL. The latter would be bad for us, as we are encoding auth tokens in the form data.

<tr>
  <td colspan="2">
    <script src="https://hcaptcha.com/1/api.js" async defer></script>
    <div class="h-captcha" data-sitekey="{captcha_public_key}"></div>
  </td>
</tr>