HTML表单似乎提交* POST和GET? [英] HTML form seems to be submitting *both* POST and GET?
问题描述
这不是问题的重复,例如这个,但恰恰相反:我有一个我通过jQuery提交的表单
$('< form>' ,{
action:'service',
method:'post',
target:'_blank'
})。append(
$('< input> ;',{
type:'hidden',
name:'payload',
value:JSON.stringify(payload)
})
).appendTo '主体')提交()除去()。;
这样做是为了让我可以用HTML打开不同的页面。
因为我需要提交相当多的复杂信息,所以我实际做的是将它们全部序列化为一个大JSON字符串,然后创建一个只有一个字段(有效负载)的表单并提交 。
接收端有一个如下所示的过滤器:
因此,当GET数据增长太多时,我可以在不修改实际脚本的情况下切换方法,它根本没有发现任何变化。
它一直工作到今天。
应该发生什么
服务器应该收到一个POST提交,并打开在一个适当的回应弹出窗口。
实际发生的事情
服务器确实收到正确的POST提交... p>
......显然忽略了它......
...并紧跟在之后,浏览器使用 no参数发出一个GET ,这是无参数GET获得的结果(赦免双关语)。
完全不出所料,这总是一个你没有提交任何参数的错误。 Duh。
我已经做了
- 验证了这个方法可行,在过去几年中一直以不同的形式和不同的服务端点开始工作
- 尝试用硬编码的
< FORM> 在HTML中,没有任何jQuery的 。相同的结果。因此,这不是一个jQuery问题。
- 尝试使用不同的浏览器(如果它仅适用于某些浏览器,它不会有帮助:我需要支持大多数现代浏览器。幸运的是,即使在iPhones上,所有这些故障都会再现)。
- 尝试发送少量数据(只是{test:0})。
- 尝试在收到任何内容后立即暂停端点脚本。
- 已检查堆栈溢出。我发现似乎是同样的问题,在各种 口味,但这并不令人满意。 这一个有一个有趣的陷阱,但没有,它没有帮助。
- 检查了防火墙,代理服务器,adblockers和插件(我现在使用普通的香草火狐)。 提出了有关最近SVN提交的尖锐问题。
我还没有做过什么
- 在低级别检查HTTPS对话(我没有足够的访问权限)。
- 比较一下这个工作的服务器和新的服务器不在那里。
- 很清楚,请戴上我的思想。 $ b
解决方案使用像或邮递员手动向服务器发送请求。这些工具将很好地显示来自服务器的响应,包括所有HTTP头。我怀疑服务器会响应一个重定向(状态码
30X),这会导致发出GETcode> POST 完成。
更新:HTTP重定向
HTTP重定向不一定使用相同的HTTP方法或甚至相同的数据向重定向目标发出请求。特别是对于非幂等请求,这可能是一个安全问题(你通常不希望你的表单提交被自动重新提交到另一个地址)。但是,HTTP为您提供了两种选择:
lockquote
[...]因此,HTTP / 1.1( RFC 2616 )添加了新的状态码303和307 [...],其中303要求将请求类型更改为GET,并保留最初发送的请求类型。尽管消除歧义提供了更多的清晰性,但仍然在web框架中使用302代码,以保持与未实现HTTP / 1.1规范的浏览器的兼容性。
[ 维基百科:HTTP 302 ]
对于301也是如此:
如果接收到301状态代码以响应除了GET或HEAD之外的任何其他类型的请求,客户必须在重定向之前询问用户。
[ from Wikipedia:HTTP 301 ]
This is not a duplicate of questions such as this, but rather the opposite: I have a form that I'm submitting via jQuery
$('<form>', { action : 'service', method : 'post', target : '_blank' }).append( $('<input>', { type : 'hidden', name : 'payload', value : JSON.stringify(payload) }) ).appendTo('body').submit().remove();This is done so that I can open a different page with HTML.
Since I need to submit quite a lot of complex information, what I actually do is serialize them all into a big JSON string, then create a form with only one field ("payload") and submit that.
The receiving end has a filter that goes like this:
- if the method is POST,
- and there is only one submitted variable,
- and the name of that one variable is "payload",
- then JSON-decode its value and use it to create fake GET data.
So when the GET data grows too much I can switch methods without modifying the actual script, which notices no changes at all.
It always worked until today.
What should happen
The server should receive a single POST submission, and open the appropriate response in a popup window.
What actually happens instead
The server does receive the correct POST submission...
...apparently ignores it...
...and immediately after that, the browser issues a GET with no parameters, and it is the result of that parameterless GET that gets (pardon the pun) displayed in the popup window.
Quite unsurprisingly, this is always a "You did not submit any parameters" error. Duh.
What I already did
- verified that this method works, and has always worked for the last couple of years with different forms and different service endpoints
- tried replacing the form with a hardcoded
<FORM>in HTML, without any jQuery whatsoever. Same results. So, this is not a jQuery problem. - tried with different browsers (it would not have helped if it only worked on some browsers: I need to support most modern browsers. However, I checked. Luckily, this failure reproduces in all of them, even on iPhones).
- tried sending few data (just "{ test: 0 }").
- tried halting the endpoint script as soon as it receives anything.
- checked Stack Overflow. I found what seems to be the same problem, in various flavours, but it's of little comfort. This one has an interesting gotcha but no, it does not help.
- checked firewalls, proxies, adblockers and plugins (I'm now using plain vanilla Firefox).
- called the IT guys and asked pointed questions about recent SVN commits. There were none.
What I did not yet do
- Check the HTTPS conversation at low level (I don't have sufficient access).
- Compared the configuration, step by step, of a server where this works and the new server where it does not.
- Quite clearly, put my thinking hat on. There must be something obvious that I'm missing and I'm setting myself up for a sizeable facepalm.
解决方案Use a tool like hurl.it or Postman to manually send a request to the server. The tools will nicely display the response from the server including all HTTP headers. I suspect the server responds with a redirect (Status code
30X) which leads to aGETrequest being issued after thePOSTcompletes.
Update: HTTP redirects
HTTP redirects do not necessarily use the same HTTP method or even the same data to issue a request to the redirect target. Especially for non-idempotent requests this could be a security issue (you don't generally want your form submission to be automatically re-submitted to another address). However, HTTP gives you both options:
[...] For this reason, HTTP/1.1 (RFC 2616) added the new status codes 303 and 307 [...], with 303 mandating the change of request type to GET, and 307 preserving the request type as originally sent. Despite the greater clarity provided by this disambiguation, the 302 code is still employed in web frameworks to preserve compatibility with browsers that do not implement the HTTP/1.1 specification.
[from Wikipedia: HTTP 302]
Also for 301s:
If the 301 status code is received in response to a request of any type other than GET or HEAD, the client must ask the user before redirecting.
[from Wikipedia: HTTP 301]
这篇关于HTML表单似乎提交* POST和GET?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
