Nick Kew wrote:
>>
>> However, I have read the whole request body even if I don't need all
>> that data, just to verify that the post doesn't contain the specific
>> token that I'm looking for.
>
> You mean, read POST data and decide based on that whether to handle it?
>
> That's broken design. Not necessarily your module, but the application
> it's part of, is broken. You should be able to make that decision
> based on the request headers.
I understand that having to read the post data and to decide whether to
handle it or not is bad design. But I have no other option as cardspace
authentication does not provide any mechanism to decide if I have to
handle the request, just by using the request headers.
>
> Having said that, there are several ways to do what you want.
> Probably the most generic would be an input filter that'll dup the data,
> so your handler can go first and read them without consuming them.
> mod_security offers an example you could look at.
>
Thanks, I will try that.
Dumindu.
|