Code

Opened 9 years ago

Closed 9 years ago

#277 closed defect (wontfix)

CommonMiddleware URL rewriting discards POST data

Reported by: adrian@… Owned by: adrian
Component: Core (Other) Version:
Severity: normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: UI/UX:

Description

The CommonMiddleware URL rewriting discards any POST data when it is triggered.

This code in django/middleware/common.py needs to be fixed to pass along any possible POST data with the redirect.

        if new_url != old_url:
            # Redirect
            newurl = "%s://%s%s" % (os.environ.get('HTTPS') == 'on' and 'https' or 'http', new_url[0], new_url[1])
            if request.GET:
                newurl += '?' + urlencode(request.GET)
            return httpwrappers.HttpResponseRedirect(newurl)

But I don't know how to fix it :(

Attachments (0)

Change History (5)

comment:1 Changed 9 years ago by jacob

  • Resolution set to wontfix
  • Status changed from new to closed

This isn't a Django problem; it's a problem with HTTP itself -- there's no way to pass POST data long with a redirect. Te solution is simply to make sure your forms submit to valid URLs.

comment:2 Changed 9 years ago by adrian@…

  • Resolution wontfix deleted
  • Status changed from closed to reopened

I would suggest raising an exception or redirecting to 404 when this code gets called with POST data. I had a form submit that was triggering the url rewriting and it was painful tracking down exactly why my view code was receiving a GET instead of a POST. My url matching scheme allowed leaving off the trailing slash (I think "/test/update" looks nicer than "/test/update/"), so from the django code point of view, it was still a valid url submission. If the url rewriting middleware wasn't present, the POST would have been successful. Maybe settings.APPEND_SLASH should be disabled by default (at least for POSTs)? I doubt I'll be the only user who runs into this...

Or is "/test/update" just a completely invalid URL and I should have known this?
Also, doesn't apache's mod_rewrite have a way to do redirects that preserves POST data?

comment:3 Changed 9 years ago by garthk@…

500 strikes me as more appropriate than 404.

comment:4 Changed 9 years ago by adrian

  • milestone Version 1.0 deleted

comment:5 Changed 9 years ago by adrian

  • Resolution set to wontfix
  • Status changed from reopened to closed

The answer is: "Don't POST to a redirect."

Add Comment

Modify Ticket

Change Properties
<Author field>
Action
as closed
as The resolution will be set. Next status will be 'closed'
The resolution will be deleted. Next status will be 'new'
Author


E-mail address and user name can be saved in the Preferences.

 
Note: See TracTickets for help on using tickets.