POST请求一个位置发送刷新标题使Firefox创建GET请求，但仍然保存POST数据 [英] POST-requesting a location sending Refresh header makes Firefox create GET request but still hold POST data

问题描述

考虑下面的代码;它基本上是一个通过HTTP POST发送一些数据的表单。当POST数据到来时，发送刷新HTTP头。

 <？php 
 if（！empty $ _BOST）
 {
 header（Refresh：5; URL = http：// $ _ SERVER [SERVER_NAME] $ _SERVER [REQUEST_URI]）; 
} 
？> 
<！doctype html> 
< form method = post> 
< input type = hidden name = foo value = bar> 
< input type = submit> 
< / form> 
 <？php 
 echo使用HTTP $ _SERVER [REQUEST_METHOD]方法请求位置; \ $ _POST =.var_export（$ _ POST，1）; 
？> 
  

现在，执行此操作：

1. 在Firefox浏览器中打开它（我在这里创建了一个演示 ;我在Debian上使用6.0.1）。
   
2. 提交表单。很显然，浏览器执行了一个HTTP POST请求。请注意， Refresh HTTP标头附带了响应。


3. 等待5秒钟。现在，正在应用 Refresh 标题，并且该位置将被重定向到自身。 Firefox执行了 GET 请求。这绝对是GET，因为Firebug和PHP的 $ _ SERVER ['REQUEST_METHOD'] 都是这么说的。 F5 键。由于上一次执行的HTTP请求是一个GET请求，因此可以预料到之前请求中的所有POST数据都将丢失。但是，会出现一个对话框，要求我重新发送POST数据：
   
   
   lockquote
   

   要显示此页面，Iceweasel必须发送信息，重复以前执行的任何操作（如搜索或订单确认）。

   
   

   所以，我的问题是 - 为什么POST数据仍然在这里？这是一个错误或预期的行为？
   请注意，使用以下任何一项都将导致POST数据丢失（预期行为）：
   
   

   
   
   • $
   
   
   • 不同的值 URL = 刷新标题的参数（用户将被重定向到另一个位置）。

   • 另一个浏览器已测试Internet Explorer 9.0.2和Chromium 6.0）。 这既不是错误，也没有预期的行为。原因是没有任何HTTP RFC定义的标头 Refresh：（最显着的是 RFC1945 和 RFC2616 没有提到它）。这意味着，虽然大多数浏览器确实像元刷新一样实现了 Refresh 标题，但是没有预期的行为可以被假定为在所有浏览器中都是一样的
     
     
     

     环顾 StackOverflow 和一般的互联网似乎在互联网初期，Netscape发明了 Refresh：标头（就像很多东西），并被大家采用。虽然许多这些任意的Netscape设计（，如Javascript ）后来被采纳为行业标准， Refresh：标题不是，因为HTTP已经用 3xx 响应代码提供了这个功能。

     
     
     

     不足之处在于，不同的浏览器对它的处理方式不同，这并不奇怪，因为没有标准可以告诉浏览器开发者如何处理它。而关于在你的应用程序中使用标题 - 不要。干净利落。使用3xx重定向。这就是他们的目的。如果您使用它，因为您需要在超时后刷新页面，请使用< meta> 刷新 - 现在已经正式弃用了，应该在任何地方以相同的方式处理。

     
     

     Consider the following code; it's basically a form that sends some data via HTTP POST. When the POST data come, the Refresh HTTP header is sent.

     <?php
     if (!empty($_POST))
     {
         header("Refresh: 5; URL=http://$_SERVER[SERVER_NAME]$_SERVER[REQUEST_URI]");
     }
     ?>
     <!doctype html>
     <form method=post>
         <input type=hidden name=foo value=bar>
         <input type=submit>
     </form>
     <?php
     echo "The location was requested using the HTTP $_SERVER[REQUEST_METHOD] method; \$_POST = ".var_export($_POST, 1);
     ?>
     

     Now, do this:

     1. Open it in Firefox browser (I've created a demo here; I use 6.0.1 on Debian).
     2. Submit the form. Obviously, the browser performed an HTTP POST request. Note that the Refresh HTTP header came with the response.
     3. Wait for 5 seconds. Now the Refresh header is being applied and the location will be redirected to itself.
     4. Firefox performed a GET request. It is definitely GET because both Firebug and PHP's $_SERVER['REQUEST_METHOD'] say it.
     5. Press F5 key. Since the last performed HTTP request was a GET request, one would expect that all POST data from previous requests will be lost. However, a dialog box appears and asks me to resend POST data:

     To display this page, Iceweasel must send information that will repeat any action (such as a search or order confirmation) that was performed earlier.

     So, my question is - why are the POST data still here? Is this a bug or intended behaviour? Note that use of any of the following will cause the loss of POST data (the expected behaviour):

     • Location header instead of Refresh
     • Different value of URL= parameter of Refresh header (the user will be redirected to another location).
     • Another browser (I've tested Internet Explorer 9.0.2 and Chromium 6.0).

     解决方案

     This is neither a bug, nor intended behaviour. The reason for this is that there is no header called Refresh: defined by any of the HTTP RFCs (most notably RFC1945 and RFC2616 make no mention of it). This means that, while most browsers do implement the Refresh header as if it were a meta refresh, there is no expected behaviour for this that can be assumed to be the same across all browsers.

     Looking around StackOverflow and the internet in general it seems that the Refresh: header was (like so many things) invented by Netscape in the early days of the internet and adopted by everybody. While many of these arbitrary Netscape designs (such as Javascript) were later adopted as industry standards, the Refresh: header was not, because HTTP already made provision for this functionality with 3xx response codes.

     The long of the short of this is that it is hardly surprising that different browsers handle it differently, because there is no standard that tells the developers of the browsers exactly how to handle it. And about using the header in your applications - don't. Plain and simple. Use 3xx redirects. That's what they're for. And if you are using it because you need to refresh the page after a timeout, use a <meta> refresh - while this is now officially deprecated it should be handled the same way everywhere.

     这篇关于POST请求一个位置发送刷新标题使Firefox创建GET请求，但仍然保存POST数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！