Re: Meta element to prevent resending post data from Julian Reschke on 2012-01-26 (public-html@w3.org from January 2012)

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 26 Jan 2012 23:10:48 +0100
To: "Marat Tanalin | tanalin.com" <mtanalin@yandex.ru>
CC: public-html@w3.org
Message-ID: <4F21CF68.207@gmx.de>

On 2012-01-26 23:05, Marat Tanalin | tanalin.com wrote:
> Hello.
>
> Currently, if a page is result of POST request, trying to refresh it in browser do result in browser message confirming that user really wants to refresh page that will result in resending form data that is already sent. If user do not want to resend data, it ends up with complete _impossibility_ to refresh page without manual focusing location bar and pressing Enter key.
>
> So it would be nice to have a META element to prevent resending POST form-data when user refreshes page that is result of POST request.
>
> A possible syntax of such META element:
>
>      <meta http-equiv="x-http-post-options" content="noresend" />
>
> When page has such META element, pressing "Refresh" button of browser (or keyboard key like F5) would result in just _reloading_ page as if the page was regular page loaded by regular GET request.
>
> Of course, it's usually good practice to just make server-side redirect via "Location" HTTP header (self-redirect in particular) after POST request, however unfortunately this is _not always technically possible_. Sending arbitrary HTTP headers is trivial task for modern script languages like PHP, but unfortunately is not an option at all for some self-made CMS written in compiled language like Delphi that a company has _anyway_ no resources to rework in, say, next 10 years.
>
> In such situations, the proposed META element would be quite useful to achieve same effect as server-side self-redirect provides: prevent accidental resending form data when user actually just wants to refresh page as if it was regular GET-requested page and wasn't result of POST request. There could be also server response header of same name ("x-http-post-options: noresend") for same purpose.
> ...

FWIW, the right way to do this is to use a 303 redirect, which causes 
the UA to fetch the result page with GET; and that operation then of 
course can be repeated.

Best regards, Julian

Received on Thursday, 26 January 2012 22:11:29 UTC