httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Robert Andersson" <rob...@profundis.nu>
Subject Re: [users@httpd] Re: Redirected URL query string being lost
Date Fri, 15 Oct 2004 11:36:13 GMT
James Adams wrote:
> It was pointed out to me that what I'm trying to do is
> not a good idea, in that it's a security violation to
> redirect HTTP POST requests.  From the HTTP spec
> (http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html):
>
> If the 301 status code is received in response to a
> request other than GET or HEAD, the user agent MUST
> NOT automatically redirect the request unless it can
> be confirmed by the user, since this might change the
> conditions under which the request was issued.

Oh dear. I have always redirected POST requests, in order to reroute the 
user. I've thought of it as the proper thing to do. Never thought about that 
this logically should mean the user agent should "resubmit" the request to 
the new URI, but rather to tell it "done, now go here". Thanks for bringing 
it up.

Now I only have to go rewrite all sites I've made :-(
I'll see you guys in a couple of years...

Regards,
Robert Andersson 


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message