SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Enthusiast
    Join Date
    Feb 2012
    Posts
    55
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    POST data lost in HTTPS load without server name... why?

    The problem: when the site loads a page using HTTPS, the new page is loaded but $_POST is empty.

    I figured out how to fix it, but I'm posting for two reasons. First, to ask for insight into why the problem happened. Second, to help anyone who encounters the same problem.

    I first tested the site with a temporary URL provided by the hosting service. This had the form servername.hostname.com/~accountname. For this test I used a self-signed certificate which covered servername.hostname.com. Everything worked.

    Then I assigned the site its own domain name, created a certificate for www.owndomain.com, and tested again. That is when the problem occurred.

    The cause: I was generating the URL of the HTTPS page without a server name; that is, in the form https://owndomain.com instead of https://www.owndomain.com.

    I have a rewrite rule that rewrites owndomain.com to www.owndomain.com, and I suspect that has something to do with the problem. I believe a rewrite rule must explicitly incorporate parameters into the rewritten URL if it wants them, but since I'm using POST, not GET, I shouldn't have to do that (and can't).

    More experienced developers, please: any insights into what happened?

  2. #2
    Twitter: @TimIgoe silver trophy TimIgoe's Avatar
    Join Date
    Feb 2005
    Location
    Blackpool, UK
    Posts
    1,056
    Mentioned
    27 Post(s)
    Tagged
    1 Thread(s)
    When you do a redirect, the post data indeed will be lost for some types, you can set a redirection to ask the user if post data should be re-sent, a 307 i think it is (off hand).

    You should be doing the redirect THEN dealing with the https to sort the problem with needing an ssl for both.

    Equally, could you not correct the post requests to post to the correct url (www. ) to avoid the redirectoin?

  3. #3
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,650
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    OD,

    I'm pleased that you found the answer (using the correct www'd version to match the certificate) but I do not understand why the $_REQUEST array ($_POST and $_GET) are affected in any way. Saying that, there must be something in your .htaccess which is doing that to you. Care to post it all (mask the domain name - it's not critical) so we can actually help?

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  4. #4
    SitePoint Enthusiast
    Join Date
    Feb 2012
    Posts
    55
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Tim may have the answer, but I don't entirely understand what he said yet.

    I'm posting the .htaccess file for dklynn. Another perspective won't hurt even if Tim is right.

    The same .htaccess file is used on two different sites (QA and production), and so contains two mutually exclusive rewrite rules. I'm representing their doman names by aaaaa and bbbbb. This site (the QA site) is bbbbb.

    Options +FollowSymlinks
    RewriteEngine on
    rewritecond %{http_host} ^aaaaa\.com [nc]
    rewriterule ^(.*)$ http://www.aaaaa\.com/$1 [r=301,nc]
    rewritecond %{http_host} ^bbbbb\.com [nc]
    rewriterule ^(.*)$ http://www.bbbbb\.com/$1 [r=301,nc]

  5. #5
    Twitter: @TimIgoe silver trophy TimIgoe's Avatar
    Join Date
    Feb 2005
    Location
    Blackpool, UK
    Posts
    1,056
    Mentioned
    27 Post(s)
    Tagged
    1 Thread(s)
    That rewrite alone shouldn't do anything if the user has already gone to www. - I can't just remember off hand what a 301 does with POST data.

  6. #6
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,650
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    OD,

    I searched at http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html for an Apache code which would resend the $_POST array. It was a quick search but I couldn't find anything (307 is Temporary Redirect). As I don't believe that the Redirect used would alter the $_REQUEST ($_GET, $_POST & $_COOKIE} array, I didn't expect an array resent code.

    Your mod_rewrite code is okay (not preferred - lowercase is not wrong but just not preferred) and the NC in the RewriteRule is ... well, absurd (what case is (.*)?). What your code does is merely force www. on both your domains. Why not merely use:
    Code:
    RewriteEngine on
    RewriteCond %{HTTP_HOST} !^www\. [NC]
    RewriteRule .? http://www.%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
    This, too, should not cause the $_REQUEST array to be withheld or altered.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •