httpd-modules-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dumindu Pallewela <>
Subject Re: Reading the post request
Date Tue, 10 Jul 2007 04:10:27 GMT
Nick Kew wrote:

>> However, I have read the whole request body even if I don't need all
>> that data, just to verify that the post doesn't contain the specific
>> token that I'm looking for.
> You mean, read POST data and decide based on that whether to handle it?
> That's broken design.  Not necessarily your module, but the application
> it's part of, is broken.  You should be able to make that decision
> based on the request headers.

I understand that having to read the post data and to decide whether to 
handle it or not is bad design. But I have no other option as cardspace 
authentication does not provide any mechanism to decide if I have to 
handle the request, just by using the request headers.

> Having said that, there are several ways to do what you want.
> Probably the most generic would be an input filter that'll dup the data,
> so your handler can go first and read them without consuming them.
> mod_security offers an example you could look at.

Thanks, I will try that.


View raw message