My question is, should mod_python.publisher and mod_python.psp be enhanced and call req.discard_request_body() for a GET request to avoid the posibilities of any problems arising due to a client sending content for a GET request?
-1 on that particular way of implementing it. If the GET request has a body, that body probably serves some purpose.
The right thing to do for any handler that does not know how to handle the request is to return a 'bad request' error to the client. Just throwing away what is not understood is not very nice to developers and users - you'll get unexpected behaviour because the server is only handling a part of the request.
The trouble here is of course that publisher or PSP cannot tell forehand that the handler will read the body data. So the only way to determine this is to have the handler handle the request, and after that, check if it did read all of the request. If not, you're too late to report this to the client, because the headers have already been sent out. Putting some message in an error log that no-one will ever read (in particular not the one who caused that problem) does not make sense either. To fix this, the handler should somehow advertise its capability to read the body.
I guess you can't really solve the problem. Which is the lesser evil? Mike.
