Opened 10 years ago
Closed 10 years ago
#27498 closed defect (bug) (fixed)
Canonical redirect is applied upon POST request
Reported by: | c.axelsson | Owned by: | SergeyBiryukov |
---|---|---|---|
Milestone: | 4.0 | Priority: | normal |
Severity: | normal | Version: | 3.1 |
Component: | Canonical | Keywords: | has-patch 4.0-early |
Focuses: | Cc: |
Description (last modified by )
If $_POST
is empty a canonical redirect is still made even though it should be ignored upon all POST requests. As this redirect occurs before user have a chance to handle the request themselves in a template_redirect filter it prevents users to write proper REST APIs that include POST requests with no data.
A patch that uses $_SERVER['REQUEST_METHOD']
instead of relying on the $_POST
variable to identify request type is attached.
Attachments (4)
Change History (17)
#4
@
10 years ago
I have attached an updated the patch that makes sure that the request actually is a GET request. It's needed for HTTP OPTIONS, DELETE, PATCH etc.
#6
@
10 years ago
- Owner set to SergeyBiryukov
- Resolution set to fixed
- Status changed from new to closed
In 28958:
#7
@
10 years ago
- Resolution fixed deleted
- Status changed from closed to reopened
I don't see why HEAD requests should be ignored.
#8
@
10 years ago
Agree with Nacin. HEAD requests really should have canonical redirects. I think this is a regression otherwise.
#9
@
10 years ago
27498.patch adds HEAD requests to the condition.
#10
@
10 years ago
We should probably strtoupper()
first. PHP does not guarantee the value to be uppercase. The HTTP specs do, but you never know what a requester will do.
#11
@
10 years ago
Indeed, see 27498.2.patch.
#12
@
10 years ago
template-loader.php is way simpler:
if ( 'HEAD' === $_SERVER['REQUEST_METHOD'] && apply_filters( 'exit_on_http_head', true ) ) exit();
This also happens to fail when it isn't set, but you're usually not running template-loader.php via CLI.
I'm fine with adjusting template-loader.php later, just pointing out where else we do this.
Introduced in [5978], modified in [16797].