| Subject: | GET sends entity-body on POST redirect |
I don't believe this is a violation of the RFC, but its causing some problems with the server I am connecting to. Here is the scenario:
o GET form page for login
o POST credentials to form, server sends 302
o GET is done on Location field from response, but includes body of POST request
I can't find anything in the RFC either way on this. It only says that if the method doesn't support entity-body it MUST not include it, but it says nothing about whether the GET method does or does not. Apache has no problem with it...
If the following patch could be applied that strips the content and Content-Length, I would be grateful:
***************
*** 980,985 ****
--- 980,988 ----
if ( $ok ) {
$self->{redirected_uri} = $prospective_request->uri;
+ $prospective_request->content(undef);
+ $prospective_request->remove_header('Content-Length');
+
# Mimic erroneous browser behaviour by changing the method.
$prospective_request->method("GET") if $prospective_request->method eq "POST";
}
I don't necessarily know if this will break other people's interactions with HTTPD's. If this is a concern, would it be possible to make this an optional thing, that a user could set?
thanks,
--eric