can not redirect on POST w/ CGI.pm

[David Young <dy...@nettonettech.com>]

I've found that if I post to this PerlAccessHandler, I get no response:

#------------------------
package Apache::Redirect;

use strict;
use Apache::Constants qw(REDIRECT);
use CGI ();

sub handler {
    my($r) = @_;

    my $q = new CGI();
    
    $r->header_out(Location => "http://www.modperl.com/");
    return REDIRECT;
}

1;
#------------------------

If I comment out "my $q = new CGI();" then it works fine. Any ideas on what
is causing this?

Apache/1.3.14
mod_perl/1.24
CGI.pm/2.56

--David

Re: can not redirect on POST w/ CGI.pm

[Joachim Zobel <nc...@netcologne.de>]

At 17:46 13.06.2001 +0100, you wrote:
>Actually, it's apache not letting it redirect on a POST form. I don't know
>why commenting out CGI makes any difference, but the HTTP RFC does say that
>the behaviour is undefined, for 301/2 on anything other than GET, if you
>think about it, this makes sense:
> >>>POST url
>:
><<<302 Location Moved
><<<Location: newurl
><<<
>:
>
>now, what method do I use for newurl, GET/POST? if POST, what is in the
>content section ?
>
>The spec says that you shouldn't do it. The fact that browsers tend to
>respond to anything with a location header (even 200 OK) as being a redirect
>seems broken, and they'll always use GET. This is why you've probably
>"noticed it working", in reality it's bogus.
>
>Apache enforces it for you.

I doubt this. This is rather a problem with CGI.pm reading STDIN or something.

>My advice is to find some other way of doing it.
>A "Refresh: 0; URL=newurl" header might do the trick, although you'll need
>to make sure you have it in headers_err, because otherwise it won't get
>sent as a header.

There is
303 See Other
now to do this. The problem is that older browsers (pre HTTP/1.1) don't 
understand it. So I am still using CGI::redirect which AFAIK means 302 to 
achieve it.

Joachim

--
"... ein Geschlecht erfinderischer Zwerge, die fuer alles gemietet werden
koennen."                            - Bertolt Brecht - Leben des Galilei

Re: can not redirect on POST w/ CGI.pm

[David Young <dy...@nettonettech.com>]

>From: "Rodney Broom" <rb...@Desert.NET>
> From: David Young <dy...@nettonettech.com>
> DY> I've found that if I post to this PerlAccessHandler, I get no response:
> DY>     $r->header_out(Location => "http://www.modperl.com/");
> DY>     return REDIRECT;
> 
> - Are you actually wanting your orriginally POSTed data to make it to the
> redirected location?
> - Do you actually need CGI.pm?

Yes and yes. What I am actually doing is extending the cookie-based access
control ("TicketMaster") outlined in the Apache Modules book[1]. If the user
attempts to access a restricted area and they don't have a cookie, they are
redirected to a login page (courtesy of an ErrorDocument 403). Upon
submission (POST) of the login page, if their credentials are good, they are
redirected to their original destination.

The original example in the book uses a refresh header, but that briefly
shows a "please stand by" page that I was hoping to avoid. It was working
fine, and then I made some changes that placed my "new CGI" instantiation
above the redirect, and it stopped working. I finally narrowed the problem
down to the program I posted.

I still think something is wrong here with CGI.pm and mod_perl's
interaction, but I guess I will go back to using the refresh header.

--David
--
1. http://www.modperl.com/book/chapters/ch6.html#Cookie_Based_Access_Control

Re: can not redirect on POST w/ CGI.pm

[Rodney Broom <rb...@Desert.NET>]

From: David Young <dy...@nettonettech.com>
DY> I've found that if I post to this PerlAccessHandler, I get no response:
DY>     $r->header_out(Location => "http://www.modperl.com/");
DY>     return REDIRECT;

- Are you actually wanting your orriginally POSTed data to make it to the
redirected location?
- Do you actually need CGI.pm?

---
Rodney Broom
Programmer: Desert.Net

Re: can not redirect on POST w/ CGI.pm

[Matthew Byng-Maddick <mo...@lists.colondot.net>]

On Wed, Jun 13, 2001 at 11:58:24AM -0400, David Young wrote:
> I've found that if I post to this PerlAccessHandler, I get no response:
> #------------------------
> package Apache::Redirect;
> 
> use strict;
> use Apache::Constants qw(REDIRECT);
> use CGI ();
> 
> sub handler {
>     my($r) = @_;
> 
>     my $q = new CGI();
>     
>     $r->header_out(Location => "http://www.modperl.com/");
>     return REDIRECT;
> }
> 
> 1;
> #------------------------
> If I comment out "my $q = new CGI();" then it works fine. Any ideas on what
> is causing this?

Actually, it's apache not letting it redirect on a POST form. I don't know
why commenting out CGI makes any difference, but the HTTP RFC does say that
the behaviour is undefined, for 301/2 on anything other than GET, if you
think about it, this makes sense:
>>>POST url
:
<<<302 Location Moved
<<<Location: newurl
<<<
:

now, what method do I use for newurl, GET/POST? if POST, what is in the
content section ?

The spec says that you shouldn't do it. The fact that browsers tend to
respond to anything with a location header (even 200 OK) as being a redirect
seems broken, and they'll always use GET. This is why you've probably
"noticed it working", in reality it's bogus.

Apache enforces it for you.

My advice is to find some other way of doing it.
A "Refresh: 0; URL=newurl" header might do the trick, although you'll need
to make sure you have it in headers_err, because otherwise it won't get
sent as a header.

MBM

Re: can not redirect on POST w/ CGI.pm

[Rodney Broom <rb...@Desert.NET>]

From: Doug MacEachern <do...@covalent.net>
> > I've found that if I post to this PerlAccessHandler, I get no response:
> this problem is fixed in 1.25, from Changes:
> "fix $r->read() so it will not block if all data has already been read
> and so that Apache will not hang during ap_discard_request_body() on
> error or redirect after all data has been read"


> > From: David Young <dy...@nettonettech.com>
DY> What I am actually doing is extending the cookie-based access
DY> control ("TicketMaster") outlined in the Apache Modules book[1]. If the
DY>  user attempts to access a restricted area and they don't have a cookie,
they
DY>  are redirected to a login page (courtesy of an ErrorDocument 403). Upon
DY> submission (POST) of the login page, if their credentials are good, they
are
DY> redirected to their original destination.

OK, this makes sence. I just did something like this myself. I was
redirecting the user to change the URI that they saw in the browser, but
didn't want to loose POSTed data. Since you are using mod_perl, you can
catch STDIN inside of a handler with:
  $data = $STDIN

>From there, I stored the data in a file and redirected the user. When the
user has all of the auth work finished and finally makes it back to the
right location, I read in the data from that file and assign to STDIN with:
  read(TEMP_FILE, $STDIN, (-s $temp_file))

This works fine, but you'll obviously need to jump through a few hoops.
Things like setting ENV{CONTENT-LENGTH} after reassigning $STDIN, and making
sure that you are giving the user their data and not somebody elses.

---
Rodney Broom
Programmer: Desert.Net

Re: can not redirect on POST w/ CGI.pm

[Doug MacEachern <do...@covalent.net>]

On Wed, 13 Jun 2001, David Young wrote:

> I've found that if I post to this PerlAccessHandler, I get no response:
... 
> mod_perl/1.24

this problem is fixed in 1.25, from Changes:
"fix $r->read() so it will not block if all data has already been read
and so that Apache will not hang during ap_discard_request_body() on
error or redirect after all data has been read"