POST请求一个位置发送刷新标题使Firefox创建GET请求,但仍然保存POST数据 [英] POST-requesting a location sending Refresh header makes Firefox create GET request but still hold POST data
问题描述
<?php
if(!empty $ _BOST)
{
header(Refresh:5; URL = http:// $ _ SERVER [SERVER_NAME] $ _SERVER [REQUEST_URI]);
}
?>
<!doctype html>
< form method = post>
< input type = hidden name = foo value = bar>
< input type = submit>
< / form>
<?php
echo使用HTTP $ _SERVER [REQUEST_METHOD]方法请求位置; \ $ _POST =.var_export($ _ POST,1);
?>
现在,执行此操作:
- 在Firefox浏览器中打开它(我在这里创建了一个演示 ;我在Debian上使用6.0.1)。
- 提交表单。很显然,浏览器执行了一个HTTP POST请求。请注意,
Refresh
HTTP标头附带了响应。
- 等待5秒钟。现在,正在应用
Refresh
标题,并且该位置将被重定向到自身。 Firefox执行了 GET 请求。这绝对是GET,因为Firebug和PHP的$ _ SERVER ['REQUEST_METHOD']
都是这么说的。 F5 键。由于上一次执行的HTTP请求是一个GET请求,因此可以预料到之前请求中的所有POST数据都将丢失。但是,会出现一个对话框,要求我重新发送POST数据:
lockquote
要显示此页面,Iceweasel必须发送信息,重复以前执行的任何操作(如搜索或订单确认)。
所以,我的问题是 - 为什么POST数据仍然在这里?这是一个错误或预期的行为?
请注意,使用以下任何一项都将导致POST数据丢失(预期行为):
环顾 StackOverflow 和一般的互联网似乎在互联网初期,Netscape发明了
Refresh:
标头(就像很多东西),并被大家采用。虽然许多这些任意的Netscape设计(,如Javascript )后来被采纳为行业标准,Refresh:
标题不是,因为HTTP已经用3xx
响应代码提供了这个功能。
不足之处在于,不同的浏览器对它的处理方式不同,这并不奇怪,因为没有标准可以告诉浏览器开发者如何处理它。而关于在你的应用程序中使用标题 - 不要。干净利落。使用3xx重定向。这就是他们的目的。如果您使用它,因为您需要在超时后刷新页面,请使用
< meta>
刷新 - 现在已经正式弃用了,应该在任何地方以相同的方式处理。Consider the following code; it's basically a form that sends some data via HTTP POST. When the POST data come, the Refresh HTTP header is sent.
<?php if (!empty($_POST)) { header("Refresh: 5; URL=http://$_SERVER[SERVER_NAME]$_SERVER[REQUEST_URI]"); } ?> <!doctype html> <form method=post> <input type=hidden name=foo value=bar> <input type=submit> </form> <?php echo "The location was requested using the HTTP $_SERVER[REQUEST_METHOD] method; \$_POST = ".var_export($_POST, 1); ?>
Now, do this:
- Open it in Firefox browser (I've created a demo here; I use 6.0.1 on Debian).
- Submit the form. Obviously, the browser performed an HTTP POST request. Note that the
Refresh
HTTP header came with the response. - Wait for 5 seconds. Now the
Refresh
header is being applied and the location will be redirected to itself. - Firefox performed a GET request. It is definitely GET because both Firebug and PHP's
$_SERVER['REQUEST_METHOD']
say it. - Press
F5
key. Since the last performed HTTP request was a GET request, one would expect that all POST data from previous requests will be lost. However, a dialog box appears and asks me to resend POST data:
To display this page, Iceweasel must send information that will repeat any action (such as a search or order confirmation) that was performed earlier.
So, my question is - why are the POST data still here? Is this a bug or intended behaviour? Note that use of any of the following will cause the loss of POST data (the expected behaviour):
Location
header instead ofRefresh
- Different value of
URL=
parameter ofRefresh
header (the user will be redirected to another location). - Another browser (I've tested Internet Explorer 9.0.2 and Chromium 6.0).
解决方案This is neither a bug, nor intended behaviour. The reason for this is that there is no header called
Refresh:
defined by any of the HTTP RFCs (most notably RFC1945 and RFC2616 make no mention of it). This means that, while most browsers do implement theRefresh
header as if it were a meta refresh, there is no expected behaviour for this that can be assumed to be the same across all browsers.Looking around StackOverflow and the internet in general it seems that the
Refresh:
header was (like so many things) invented by Netscape in the early days of the internet and adopted by everybody. While many of these arbitrary Netscape designs (such as Javascript) were later adopted as industry standards, theRefresh:
header was not, because HTTP already made provision for this functionality with3xx
response codes.The long of the short of this is that it is hardly surprising that different browsers handle it differently, because there is no standard that tells the developers of the browsers exactly how to handle it. And about using the header in your applications - don't. Plain and simple. Use 3xx redirects. That's what they're for. And if you are using it because you need to refresh the page after a timeout, use a
<meta>
refresh - while this is now officially deprecated it should be handled the same way everywhere.这篇关于POST请求一个位置发送刷新标题使Firefox创建GET请求,但仍然保存POST数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
- 提交表单。很显然,浏览器执行了一个HTTP POST请求。请注意,