POST requests

[florrain]

Hello,

I have a POST request that is not being redirected correctly because it seems that the redirection is always using GET. Weird right?

I'm using Rails 3.2 and enforcer 0.2.8.

11:17:38 web.1      | 127.0.0.1 - - [27/Mar/2015 11:17:38] "POST /api/method HTTP/1.1" 301 - 0.2573
11:17:44 web.1      | 127.0.0.1 - - [27/Mar/2015 11:17:44] "GET /api/method HTTP/1.0" 404 781 6.2435

Thanks

[tobmatth]

Hey,

would you mind posting the configuration you're using?

/edit: Are you sure the second request is the redirected, next request and not just a single GET request? There is a gap of 6 seconds between both requests...

[florrain]

Thanks for being fast.

My application.rb has:

    if Rails.env.production?
      config.middleware.use Rack::SslEnforcer, only_hosts: ["www.thredup.com", "thredup.com"]
    end

I may be wrong but I'm having errors on production right now on some rerouting and I'm suspecting this to cause errors. I've got different routes having the same issues, all are POSTs.

Let me know if I can help more.

[tobmatth]

Seems like your assumption is correct, see http://www.faqs.org/rfcs/rfc2616.html (Section 10.3.2 Note):

  Note: When automatically redirecting a POST request after
  receiving a 301 status code, some existing HTTP/1.0 user agents
  will erroneously change it into a GET request.

It might be an option to use a different status code (307) for POST redirection, but i have to think about this for a while...

[florrain]

Ooh it all makes sense now. It's a debatable decision though.

I don't think you can really do anything about that but I'll stay tuned.

Thanks for the support!

[PikachuEXE]

I would say it's an application/endpoint group specific decision to make
How the RFC declares it and how the browsers handles it could be different, especially about 302, 303
I think it's fine to use 302 for API if you have a clear doc
But for website part... :S