Jay Deiman <[email protected]> added the comment:
Senthil,
That is a good point about the potential for security issues. What if it was
an explicit option in HTTPRedirectHandler, since there is a possibility of value
in being able to do it? I know my case is probably unusual, but I imagine that
others might have run into this too. Something roughly along this line is what
I'm thinking:
----------------
class HTTPRedirectHandler(BaseHandler):
    redirect_post_data = False
    ...
    ...
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        ...
        ...
        data = None
        if req.has_data() and self.redirect_post_data:
            data = req.get_data()
        return Request(newurl,
                       data=data,
                       headers=newheaders,
                       origin_req_host=req.get_origin_req_host(),
                       unverifiable=True)
----------------
That would leave the current default behavior as-is, but leave the option to
explicitly override it by the user, perhaps with a BIG DISCLAIMER comment about
security.
----------
_______________________________________
Python tracker <[email protected]>
<http://bugs.python.org/issue14144>
_______________________________________
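The opt-in idea from the comment above, written for Python 3's urllib.request as an added example (not code from the tracker or from CPython). It assumes the security concern is the request body reaching a different origin, so the body is re-sent only when scheme, host and port are unchanged; the subclass name, the origin() and simulate() helpers and the example.* URLs are hypothetical.

```python
import urllib.request
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """(scheme, host, port) of a URL, with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


class SameOriginPostRedirectHandler(urllib.request.HTTPRedirectHandler):
    # Opt-in switch named after the proposal above; False keeps stock behaviour.
    redirect_post_data = False

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        # Let the stock handler validate the redirect and build the body-less request.
        new = super().redirect_request(req, fp, code, msg, headers, newurl)
        if new is None or not self.redirect_post_data or req.data is None:
            return new
        # 303 See Other asks the client to fetch the target with GET.
        if code == 303:
            return new
        # Never hand the body to a different scheme, host or port.
        if origin(new.full_url) != origin(req.full_url):
            return new
        return urllib.request.Request(
            new.full_url,
            data=req.data,
            headers=dict(req.headers),  # restores Content-Type dropped by the parent
            origin_req_host=req.origin_req_host,
            unverifiable=True,
        )


def simulate(handler, url, body, code, location):
    """Offline check: which request would follow a redirect of a POST to `url`?"""
    req = urllib.request.Request(url, data=body,
                                 headers={"Content-Type": "application/json"})
    return handler.redirect_request(req, None, code, "redirect", {}, location)


if __name__ == "__main__":
    h = SameOriginPostRedirectHandler()
    h.redirect_post_data = True
    # Constructed URLs and body, for illustration only.
    for target in ("https://app.example/v2/submit", "https://other.example/submit"):
        new = simulate(h, "https://app.example/submit", b'{"k": 1}', 302, target)
        print(target, new.get_method(), new.data)
```

To use it on real traffic, pass an instance with `redirect_post_data = True` to `urllib.request.build_opener()`; it takes the place of the default redirect handler.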