curl-users
Re: POST converted to GET on redirection
Date: Mon, 10 Sep 2007 13:16:21 +0200 (CEST)
On Mon, 10 Sep 2007, euphrate_ylb wrote:
> I am trying to access a web service which is protected by serveral security
> mechanisms. Basically, I need to send a POST xml request to a known endpoint
> while providing user credentials (certificate, user/pass). Unfortunately,
> during the authentication process my request is forwarded to another
> location once (code 302) and curl follows the redirection but converts my
> POST to a GET request. From what I know, this is how curl is expected to
> behave : http://curl.haxx.se/mail/archive-2001-01/0115.html
That page says it should do a POST, not a GET (as it basically just quotes
RFC261). It is in fact from 2001 and as all information that old one should
not that that as granted until verified.
But, as RFC2616 section 10.3.3 explains most browsers change that to a GET and
so does curl. Mostly because libcurl is so often used to mimic the behaviour
of browsers so it actually mostly make more sense to copy their bad behaviors
than firmly trying to follow the standards...
>A solution could be to take care manually of the redirection by extracting
> the "Location" url ...but I would prefer not to write HTTP specific code in
> my WS client. And even if I wanted to, because I am using a library (as many
> developers) for creating web services that relies on curl to handle HTTPS
> connections, I would have to modify this library and not my own code...
Indeed not. Doing the location logic yourself truly means that: yourself.
Outside of the library. You would not need to change libcurl at all.
> From my point of view the best solution would be to create an option or a
> flag that would force curl to POST again at the redirected URL. As an
> end-end-user, I would just have to pass this argument to the curl via my web
> service library.
I can accept such an argument, and if you really want to push for and work on
this idea, I suggest you bring it to the curl-library list and we'll discuss
how do it the nicest possible way over there.
-- Commercial curl and libcurl Technical Support: http://haxx.se/curl.htmlReceived on 2007-09-10