PerlMonks  

Re: Re: Redirect after POST behavior in LWP::UserAgent differs from Netscape's?

by extremely (Priest)
on Mar 17, 2001 at 06:35 UTC ( #65101=note )


in reply to Re: Redirect after POST behavior in LWP::UserAgent differs from Netscape's?
in thread Redirect after POST behavior in LWP::UserAgent differs from Netscape's?

Well, the main "danger" is that you could be directed to a site other than the one you felt safe giving your data to. If you hit a post to Amazon's order form and the last page redirected you to Barnes and Noble's page for the purchase. Worse, if the error document of the site was "tweaked" and the CGI removed you might wind up pouring your data into someone else's logs.

Also, please don't confuse redirect AFTER post with redirecting THE post. You shouldn't be conned into sending data to someone you didn't expect. Where the browser goes after the data is received properly is something else entirely.

Read for yourself: RFC 2616 Sec 10.3.2 and you might look at most of Sec 15 as well.

--
$you = new YOU;
honk() if $you->love(perl)


Re: Re: Re: Redirect after POST behavior in LWP::UserAgent differs from Netscape's?
by gregorovius (Friar) on Mar 17, 2001 at 07:11 UTC
    Thanks for your help!

    Also, please don't confuse redirect AFTER post with redirecting THE post

    I'm not confusing it, that's just the issue with the behavior of LWP::UserAgent. If you override its 'redirect_ok' method to return True on POST requests then it will post all your submitted data to the site the server requests redirection to. If seen this way then Netscape's behavior can be regarded as safer than LWP::UserAgent's, since it won't post all your data to the site down the line (it should be noted that UserAgent's default is to NOT follow POST redirects, though, but its documentation says nothing about the way it follows POST redirects and its being non-standard).

    We could conclude, then, that both LWP::UserAgent and Netscape are non-compliant, and that Netscape's behavior is safer.
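
The risk both posts describe is a `redirect_ok` override that lets submitted data be re-sent to whatever site the server names. The following is an added example, not code from either poster or from LWP itself: a subclass that allows a body-carrying redirect only when the target has the same scheme, host and port as the original request. It assumes the two-argument `redirect_ok($prospective_request, $response)` of current LWP releases; the class name `SameOriginUA` and the `example` URLs are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

package SameOriginUA;              # hypothetical class name
use parent 'LWP::UserAgent';

# Scheme plus host:port of a URI, or undef for schemes without a host.
sub _origin {
    my ($uri) = @_;
    $uri = $uri->canonical;
    return undef unless $uri->can('host_port');
    return $uri->scheme . '://' . $uri->host_port;
}

sub redirect_ok {
    my ($self, $prospective, $response) = @_;
    my $method = uc $prospective->method;

    # No request body to leak: keep LWP's stock decision.
    return $self->SUPER::redirect_ok($prospective, $response)
        if $method eq 'GET' || $method eq 'HEAD';

    # The follow-up would carry the submitted data again, so only
    # permit it when it goes back to the origin the caller chose.
    my $original = $response->request or return 0;
    my $from = _origin($original->uri);
    my $to   = _origin($prospective->uri);
    return 0 unless defined $from && defined $to;
    return $from eq $to ? 1 : 0;
}

package main;
use HTTP::Request;
use HTTP::Response;

# Constructed objects, so the policy can be exercised offline.
my $ua   = SameOriginUA->new;
my $orig = HTTP::Request->new(POST => 'https://shop.example/order');
my $resp = HTTP::Response->new(307, 'Temporary Redirect');
$resp->request($orig);

for my $target ('https://shop.example/order/confirm',
                'https://other.example/collect',
                'http://shop.example/order') {
    my $next = HTTP::Request->new(POST => $target);
    printf "%-36s %s\n", $target,
        $ua->redirect_ok($next, $resp) ? 'follow' : 'refuse';
}
```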
