Re: Meta element to prevent resending post data

27.01.2012, 21:18, "Tab Atkins Jr." <jackalmage@gmail.com>:

> š2012/1/27 Marat Tanalin | tanalin.com <mtanalin@yandex.ru>:
>> šš27.01.2012, 21:00, "Tab Atkins Jr." <jackalmage@gmail.com>:
>>> ššIf you can get the same page back with a GET request, then it
>>> ššshouldn't have been a POST in the first place. šThat's an abuse of
>>> ššrequest semantics, usually just so the page maintains a "pretty URL".
>> ššSince my point is likely misunderstood, let's consider an example for additional clarity.
>>
>> ššWe have a no-so-advanced CMS that technically _can't_ make server-side redirects.
>>
>> ššA site based on this CMS has a page that contains a form to add messages, and list of messages added earlier. The form's @action attribute contains same URL as the page that contains the form itself. Since each POST request from the form adds new message, the form _must_ be sent via POST request, not GET request -- it's well-known best-practice approach that GET request should not modify or add something to database (except, well, for visit counters).
>>
>> ššSo POST here cannot be replaced with GET at all.
> šIf your CMS is dumb enough that it can't do redirects directly, it can
> šalways serve the page with a <meta http-equiv="refresh" content="0;
> šurl=http://example.com/">. šThis kinda sucks, but the CMS apparently
> škinda sucks anyway, so it seems fitting.

<meta http-equiv="refresh"> forces page to be reloaded and thus leads to extra-delay due to another HTTP-request.

On the contrary, my proposed solution has no this shortcoming. Moreover, extra-request delay is also peculiar of server-side self-redirect solution, so my proposed solution could be useful not just for bad CMSes, but also for wide range of situations where POST-requested page is identical (as for content) to same page after self-redirect, and making another request has no purpose other than preventing resending POST data during page refresh.

> š(I'm quite confused, though - what CMS *can* add things to a
> šserver-side database, but *can't* issue a redirect? šThis is trivial
> što do in every server-side language I know of.)

It's not my CMS (I personally use PHP and can implement anything I want.) But, unfortunately, there are CMSes that are written in compiled language Delphi and has insuperable architectural limitations such as inability to send arbitrary response headers (such limitations are odd for me too).

Received on Friday, 27 January 2012 17:48:28 UTC