Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

Re: Redirect after POST behavior in LWP::UserAgent differs from Netscape's?

by gregorovius (Friar)
on Mar 16, 2001 at 22:37 UTC ( [id://64970]=note: print w/replies, xml ) Need Help??


in reply to Re: Redirect after POST behavior in LWP::UserAgent differs from Netscape's?
in thread Redirect after POST behavior in LWP::UserAgent differs from Netscape's?

But people use those undocumented quirks in browser implementation. I don't think we could ever banish reliance on such non-standard features, so maybe the best way to deal with them would be to incorporate them to the RFC in substitution of the original spec (I'm not talking specifically about this one quirk, which you say is unsafe; BTW, would you dwell into why it is so?).

PerlMonks itself, doesn't it rely on Netscape's redirect after POST behavior?

Also, consider that Perl is a good example of the implementation being also the standard, a system that has worked pretty well, IMHO.

Replies are listed 'Best First'.
Re: Re: Redirect after POST behavior in LWP::UserAgent differs from Netscape's?
by extremely (Priest) on Mar 17, 2001 at 06:35 UTC
    Well, the main "danger" is that you could be directed to a site other than the one you felt safe giving your data too. If you hit a post to Amazon's order form and the last page redirected you to Barnes and Noble's page for the purchase. Worse, if the error document of the site was "tweaked" and the CGI removed you might wind up pouring your data into someone else's logs.

    Also, please don't confuse redirect AFTER post with redirecting THE post. You shouldn't be conned into sending data to someone you didn't expect. Where the browser goes after the data is received properly is something else entirely.

    Read for yourself: RFC 2616 Sec 10.3.2 and and you might look at most of Sec 15 as well.

    --
    $you = new YOU;
    honk() if $you->love(perl)

      Thanks for your help!

      Also, please don't confuse redirect AFTER post with redirecting THE post

      I'm not confusing it, that's just the issue with the behavior of LWP::UserAgent. If you override its 'redirect_ok' method to return True on POST requests then it will post all your submitted data to the site the server requests redirection to. If seen this way then Netscape's behavior can be regarded as safer than LWP::UserAgent's, since it won't post all your data to the site down the line (it should be noted that UserAgent's default is to NOT follow POST redirects, though, but its documentation says nothing about the way it follows POST redirects and its being non-standard).

      We could conclude, then, that both LWP::UserAgent and Netscape are non-compliant, and that Netscape's behavior is safer.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://64970]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others surveying the Monastery: (4)
As of 2024-03-29 12:09 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found