Django

Code

Ticket #277 (closed: wontfix)

Opened 3 years ago

Last modified 3 years ago

CommonMiddleware URL rewriting discards POST data

Reported by: adrian@exoweb.net Assigned to: adrian
Milestone: Component: Core framework
Version: Keywords:
Cc: Triage Stage: Unreviewed
Has patch: 0 Needs documentation: 0
Needs tests: 0 Patch needs improvement: 0

Description

The CommonMiddleware? URL rewriting discards any POST data when it is triggered.

This code in django/middleware/common.py needs to be fixed to pass along any possible POST data with the redirect. 

        if new_url != old_url:
            # Redirect
            newurl = "%s://%s%s" % (os.environ.get('HTTPS') == 'on' and 'https' or 'http', new_url[0], new_url[1])
            if request.GET:
                newurl += '?' + urlencode(request.GET)
            return httpwrappers.HttpResponseRedirect(newurl)

But I don't know how to fix it :(

Attachments

Change History

08/05/05 08:21:47 changed by jacob

  • status changed from new to closed.
  • resolution set to wontfix.

This isn't a Django problem; it's a problem with HTTP itself -- there's no way to pass POST data long with a redirect. Te solution is simply to make sure your forms submit to valid URLs.

08/07/05 20:59:46 changed by adrian@exoweb.net

  • status changed from closed to reopened.
  • resolution deleted.

I would suggest raising an exception or redirecting to 404 when this code gets called with POST data. I had a form submit that was triggering the url rewriting and it was painful tracking down exactly why my view code was receiving a GET instead of a POST. My url matching scheme allowed leaving off the trailing slash (I think "/test/update" looks nicer than "/test/update/"), so from the django code point of view, it was still a valid url submission. If the url rewriting middleware wasn't present, the POST would have been successful. Maybe settings.APPEND_SLASH should be disabled by default (at least for POSTs)? I doubt I'll be the only user who runs into this...

Or is "/test/update" just a completely invalid URL and I should have known this? Also, doesn't apache's mod_rewrite have a way to do redirects that preserves POST data?

08/07/05 23:56:07 changed by garthk@gmail.com

500 strikes me as more appropriate than 404.

08/09/05 15:45:25 changed by adrian

  • milestone deleted.

08/15/05 11:30:48 changed by adrian

  • status changed from reopened to closed.
  • resolution set to wontfix.

The answer is: "Don't POST to a redirect."

Add/Change #277 (CommonMiddleware URL rewriting discards POST data)




Change Properties
Action