aa56280 wrote:
> Hello there,
> 
> I have a form. Once it's submitted (method=POST) the view handling the
> submit uses the @login_required decorator.
> 
> Problem is that when the login page intercepts to enforce login, it
> passes the user over to the view via the "next" parameter but that's
> no longer considered a POST request.
> 
> So how do I make sure that it remains a POST and not a GET?

I believe the login_required decorator uses an HTTP 30x redirect, 
which by definition only passes along GET parameters, dropping 
POST parameters.  In theory it could use an HTTP/1.1 307 
redirect, but there are multiple problems[1] with that, mostly in 
browser consistency:

   0) the standard requires a message to the user notifying them 
that POSTed data is being redirected.  Firefox, Opera, Lynx (and 
newer versions of IE?) respect this.

   1) in several versions of IE (incl. IE6, which I tested), it 
redirects without the warning required by the HTTP specifications [2].

   3) older browsers such as Netscape don't redirect, but rather 
show the intermediate 307 page

   4) some browsers such as Dillo redirect but don't carry over 
the POST data.

So that said, while it _should_ work, it is prone to interrupt 
the users' workflow or not work consistently across browsers.

Another alternative has been to rely on JavaScript to rePOST the 
data to the resulting page, but that breaks for folks running 
non-JS enabled browsers (or those of us that have NoScript installed).

One last alternative is to have your code translate your POST 
parameters into GET parameters.  However, this has flaws as well: 
large data such as <textarea> data and files don't work, can 
leave passwords in the visible browser-history, and you break the 
RESTful nature of GET URLs if it performs a non-idempotent action 
(in turn possibly causing trouble with caching).

Or you can ensure that they log in before they start filling out 
the form so the POST will succeed.


-tim


[1]
http://www.alanflavell.org.uk/www/post-redirect.html

[2]
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html
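
The redirect behaviour discussed in the reply above, as an added example that is not part of the original thread: a loopback server answers a POST with a chosen 30x status, and Python's standard-library HTTP client shows what then reaches the target. The server, the `/r/<code>` and `/target` paths and the form body are constructed for this demonstration.

```python
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer


class Handler(BaseHTTPRequestHandler):
    """Constructed test server: /r/<code> redirects to /target with that status."""
    seen = []  # (method, body) pairs that actually reached /target

    def _handle(self):
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length)
        if self.path.startswith("/r/"):
            self.send_response(int(self.path[3:]))
            self.send_header("Location", "/target")
        else:
            Handler.seen.append((self.command, body))
            self.send_response(200)
        self.send_header("Content-Length", "0")
        self.end_headers()

    do_GET = do_POST = _handle

    def log_message(self, *args):  # keep the demo quiet
        pass


def post_through_redirect(code, data=b"comment=hello"):
    """POST to a URL that answers with `code`; return what reached /target."""
    Handler.seen = []
    server = HTTPServer(("127.0.0.1", 0), Handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    # Empty ProxyHandler: ignore any proxy settings from the environment.
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))
    try:
        url = "http://127.0.0.1:%d/r/%d" % (server.server_port, code)
        try:
            with opener.open(url, data=data, timeout=5) as resp:
                resp.read()
        except urllib.error.HTTPError as exc:
            # urllib will not silently re-send a POST body on a 307.
            return ("refused", exc.code)
        return Handler.seen[-1]
    finally:
        server.shutdown()
        server.server_close()
```

With a 302 the target receives a GET with an empty body, so the form data is gone; with a 307 this client refuses to follow the redirect automatically, which is the "needs user confirmation" case from the reply.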





