Message154518
| Author |
crustymonkey |
| Recipients |
crustymonkey, orsenthil |
| Date |
2012年02月27日.23:07:49 |
| SpamBayes Score |
0.002290168 |
| Marked as misclassified |
No |
| Message-id |
<1330384070.16.0.242796502038.issue14144@psf.upfronthosting.co.za> |
| In-reply-to |
| Content |
Senthil,
That is a good point about the potential for security issues. What if it was an explicit option in HTTPRedirectHandler since there is a possibility of value in being able to do it. I know my case is probably unusual, but I imagine that others might have run into this too. Something roughly along this line is what I'm thinking:
----------------
class HTTPRedirectHandler(BaseHandler):
redirect_post_data = False
...
...
def redirect_request(self, req, fp, code, msg, headers, newurl):
...
...
data = None
if req.has_data() and self.redirect_post_data:
data = req.get_data()
return Request(newurl,
data=data,
headers=newheaders,
origin_req_host=req.get_origin_req_host(),
unverifiable=True)
----------------
That would leave the current default behavior as-is, but leave the option to explicitly override it by the user, perhaps with a BIG DISCLAIMER comment about security. |
|
History
|
|---|
| Date |
User |
Action |
Args |
| 2012年02月27日 23:07:50 | crustymonkey | set | recipients:
+ crustymonkey, orsenthil |
| 2012年02月27日 23:07:50 | crustymonkey | set | messageid: <1330384070.16.0.242796502038.issue14144@psf.upfronthosting.co.za> |
| 2012年02月27日 23:07:49 | crustymonkey | link | issue14144 messages |
| 2012年02月27日 23:07:49 | crustymonkey | create |
|