W3C home > Mailing lists > Public > public-html@w3.org > January 2012

Re: Meta element to prevent resending post data

From: Julian Reschke <julian.reschke@gmx.de>
Date: Thu, 26 Jan 2012 23:23:38 +0100
Message-ID: <4F21D26A.80406@gmx.de>
To: "Marat Tanalin | tanalin.com" <mtanalin@yandex.ru>
CC: public-html@w3.org
On 2012-01-26 23:18, Marat Tanalin | tanalin.com wrote:
> 27.01.2012, 02:10, "Julian Reschke"<julian.reschke@gmx.de>:
>> On 2012-01-26 23:05, Marat Tanalin | tanalin.com wrote:
>>>   Hello.
>>>   Currently, if a page is result of POST request, trying to refresh it in browser do result in browser message confirming that user really wants to refresh page that will result in resending form data that is already sent. If user do not want to resend data, it ends up with complete _impossibility_ to refresh page without manual focusing location bar and pressing Enter key.
>>>   So it would be nice to have a META element to prevent resending POST form-data when user refreshes page that is result of POST request.
>>>   A possible syntax of such META element:
>>>        <meta http-equiv="x-http-post-options" content="noresend" />
>>>   When page has such META element, pressing "Refresh" button of browser (or keyboard key like F5) would result in just _reloading_ page as if the page was regular page loaded by regular GET request.
>>>   Of course, it's usually good practice to just make server-side redirect via "Location" HTTP header (self-redirect in particular) after POST request, however unfortunately this is _not always technically possible_. Sending arbitrary HTTP headers is trivial task for modern script languages like PHP, but unfortunately is not an option at all for some self-made CMS written in compiled language like Delphi that a company has _anyway_ no resources to rework in, say, next 10 years.
>>>   In such situations, the proposed META element would be quite useful to achieve same effect as server-side self-redirect provides: prevent accidental resending form data when user actually just wants to refresh page as if it was regular GET-requested page and wasn't result of POST request. There could be also server response header of same name ("x-http-post-options: noresend") for same purpose.
>>>   ...
>> FWIW, the right way to do this is to use a 303 redirect, which causes
>> the UA to fetch the result page with GET; and that operation then of
>> course can be repeated.
>> Best regards, Julian
> Julian, have you read my message _entirely_? I've covered redirect option in second-to-last paragraph.

I did, but somehow was thinking too much about the distinction between 
301/302 and 303. Servers should use 303 in this case, but that indeed 
doesn't affect your proposal. Sorry.
Received on Thursday, 26 January 2012 22:24:09 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 9 October 2021 18:45:47 UTC