Jay Deiman <ad...@splitstreams.com> added the comment: Senthil,
That is a good point about the potential for security issues. What if it was an explicit option in HTTPRedirectHandler since there is a possibility of value in being able to do it. I know my case is probably unusual, but I imagine that others might have run into this too. Something roughly along this line is what I'm thinking: ---------------- class HTTPRedirectHandler(BaseHandler): redirect_post_data = False ... ... def redirect_request(self, req, fp, code, msg, headers, newurl): ... ... data = None if req.has_data() and self.redirect_post_data: data = req.get_data() return Request(newurl, data=data, headers=newheaders, origin_req_host=req.get_origin_req_host(), unverifiable=True) ---------------- That would leave the current default behavior as-is, but leave the option to explicitly override it by the user, perhaps with a BIG DISCLAIMER comment about security. ---------- _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue14144> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com