Make WordPress Core

Opened 20 years ago

Closed 18 years ago

Last modified 15 years ago

#1215 closed defect (bug) (worksforme)

comment form should use a relative or absolute path, not a complete URI

Reported by: michel-v's profile michel v Owned by:
Milestone: Priority: normal
Severity: minor Version: 1.5.1
Component: General Keywords:
Focuses: Cc:

Description

While troubleshooting someone's blog, I noticed the webhost dropped any POST request coming from 'outside'.
To the webhost's server, the POST from WP's comment form was 'outside', so to speak, because its action was set to a complete URI.

This lead to blank wp-comment-post.php, with no comment posted.

Solution to this problem is making the form have an action that is of the form /absolute/path/to/wp-comment-post.php.
This requires some thinking about whether to make it a setting by itself (a dynamic one built from siteurl), or to provide a function for it.

Change History (4)

#1 @michel v
20 years ago

  • Patch set to No

#2 @rob1n
18 years ago

  • Component changed from Template to General

I've never heard of this (dropping "outside" POST requests)... some more details would be nice (httpd software, etc).

#3 @rob1n
18 years ago

  • Resolution set to worksforme
  • Status changed from new to closed

#4 @tombarta
18 years ago

From the server's standpoint, there is no difference whether or not a web page indicated an absolute URI or a relative URI; the subsequent request generated by the browser will be the same, unless the browser itself is broken.

If the client had disabled sending the Referer header, this may have caused a problem. The server could be configured to disallow POST requests that don't have a Referer originating from itself (referer checks are often done to reduce image hotlinking or as a misguided attempt to increase security).

Note: See TracTickets for help on using tickets.