I'm running a website where customers can submit forms. I'm using PHP on the server side and using the POST method (large forms). The problem is that sometime, the request comes to my web server as a GET request with no post information. This problem occurs only when the form is submitted from a given customer location and the problem is intermittent (work most of the time).
Using fiddler, I think I determined what is happening, but can't think of a workaround. Posting on stackoverflow to see if someone has an idea.
Basically, the sequence is as follows:
1- POST Request is sent with all appropriate data.
2- POST Request seems to be intercepted by an authentication proxy server.
3- Proxy Server sends a HTTP 302 response to the POST request and redirect to another internal address for authentication.
4- Authentication transactions take place (two GET requests, with 401 response)
5- Proxy server answers a 302 redirect to the last authentication request, which redirect to the original request.
6- But the browser send the original request as a GET request with NO post information instead of a POST request as it was sent originally.
The end result is a blank page at the user, and form data is lost.
Could it be because of that even though the original request is a POST, it does includes a few parameters in the URL (maybe the browswer assumes it is a GET because of these?)?
Is it normal behavior? I've read that this is as per standard (browsers always answer to 302 with GET), but I can't believe that this is the case, since that there is no solution for POST request in these situations?
There must be some ways of getting around this issue which leads to very bad user experience. Let me know what you think.
I've encountered something like this as well when using custom ErrorDocument specifically for me a 404 page. Apparently with 404 pages and I'm assuming maybe 401? No post data gets sent to them. What I ended up doing instead of this is made it goes to a 404 page the same way but I use a rewrite rule instead of the errordocument.
Here's the rewrite rules for doing the same thing errorDocument 404
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteCond %{REQUEST_FILENAME}index.php !-f
RewriteRule ^(.*?)$ /error404.php [L]
As a completely side thought perhaps if you can't get around knowing if it's going to be post or get you could use $_REQUEST instead and it would be able to handle the request no matter which way it came in.