- New Feature
- Resolution: Done
- Normal
- 7.0.0
- Security Level: Jimmy
- None
- None
A client asked to enable a redirect with 302 after AJAX login and not return with 200 as recommended by the security audit company.
According to OWASP, a redirect should be issued to reload the page after login.
https://www.owasp.org/index.php/OWASP_Application_Security_FAQ#Is_it_really_required_to_redirect_the_user_to_a_new_page_after_login.3F
An AuExtension as in the attached example was provided, but the client proposed this could be a default feature in ZK in order to be OWASP compliant.