Login ProductsSalesSupportDownloadsAbout |
Home » Technical Support » Elevate Web Builder Technical Support » Support Forums » Elevate Web Builder General » View Thread |
Messages 1 to 9 of 9 total |
POST parameters are incorrect |
Mon, Sep 10 2018 12:22 PM | Permanent Link |
erickengelke | There is an HTTP protocol error in the handling of parameters over TServerRequest.
If you specify a POST or PUT with rmPOST or rmPUT, the parameters over the network should not be passed on the URL like the are with the GET operation. By default they should normally be passed as RequestContent.Add( optdata ); RequestHeaders.Add('Content-Type:application/x-www-form-urlencoded'); Erick EWB Programming Books and Component Library http://www.erickengelke.com |
Tue, Sep 11 2018 6:46 AM | Permanent Link |
Matthew Jones | erickengelke wrote:
> There is an HTTP protocol error in the handling of parameters over TServerRequest. > > If you specify a POST or PUT with rmPOST or rmPUT, the parameters over the network should not be passed on the URL like the are with the GET operation. By default they should normally be passed as > > RequestContent.Add( optdata ); > RequestHeaders.Add('Content-Type:application/x-www-form-urlencoded'); Hmm, I've seen plenty where they are done both ways, and sometimes at the same time. I don't think you can safely say it should be one way or the other. -- Matthew Jones |
Tue, Sep 11 2018 3:41 PM | Permanent Link |
erickengelke | "Matthew Jones" wrote:
erickengelke wrote: >> There is an HTTP protocol error in the handling of parameters over TServerRequest. >> >> If you specify a POST or PUT with rmPOST or rmPUT, the parameters over the network should not be passed on the URL like the are with the GET operation. By default they should normally be passed as >> >> RequestContent.Add( optdata ); >> RequestHeaders.Add('Content-Type:application/x-www-form-urlencoded'); > Hmm, I've seen plenty where they are done both ways, and sometimes at the same time. I don't think you > can safely say it should be one way or the other. If you read through the RFCs, it is supposed to be passed with the simple x-www-form-urlencoded, or other formats like JSON. Where this can run into problems is interoperability with other systems, where servers often require you to pass userid/password as parameters with a POST for login. While passing them on the URL technically passes, most web servers (NGINX, Apache) will log all parameters on the URL to a file, meaning you will have logs filled with userids and passwords of unsuspecting users. Erick -- Matthew Jones EWB Programming Books and Component Library http://www.erickengelke.com |
Wed, Sep 12 2018 5:01 AM | Permanent Link |
Matthew Jones | I had a look at my code, and I have just been passing JSON in the RequestContent. I can see that it makes sense to have an option to ask that the Post should use the body for the parameters as you suggest, but it should be optional and if set then a RequestContent being there should cause an exception (you can't have both).
-- Matthew Jones |
Wed, Sep 12 2018 11:47 AM | Permanent Link |
Tim Young [Elevate Software] Elevate Software, Inc. timyoung@elevatesoft.com | Erick,
<< There is an HTTP protocol error in the handling of parameters over TServerRequest. >> Are you specifically talking about databases/datasets ? Apart from that, the TServerRequest component makes no decisions for you in terms of how to handle parameter passing (URL vs. content). Tim Young Elevate Software www.elevatesoft.com |
Thu, Sep 13 2018 12:05 AM | Permanent Link |
erickengelke | Tim Young [Elevate Software] wrote:
<< There is an HTTP protocol error in the handling of parameters over TServerRequest. >> > Are you specifically talking about databases/datasets ? Apart from that, the TServerRequest component makes no >decisions for you in terms of how to handle parameter passing (URL vs. content). It's when you set Params.Values[xxx] on TServerRequests. A person can override the default behaviour, but the default handling should not be on the Query part of the URL. E EWB Programming Books and Component Library http://www.erickengelke.com |
Thu, Sep 13 2018 9:18 AM | Permanent Link |
erickengelke | erickengelke wrote:
Tim Young [Elevate Software] wrote: << There is an HTTP protocol error in the handling of parameters over TServerRequest. >> >> Are you specifically talking about databases/datasets ? Apart from that, the TServerRequest component makes no >decisions for you in terms of how to handle parameter passing (URL vs. content). >It's when you set Params.Values[xxx] on TServerRequests. I found the error of my ways. Instead of TServerRequest.Params.Values[] , one should set: RequestContent.Params.Values[xxx] = 'blah'; RequestHeaders.Add('Content-Type:application/x-www-form-urlencoded'); It's slightly more manual, having to add the content type, but it has the desired effect, and nicely uses the Values feature of TStrings to manage the parameters. Erick EWB Programming Books and Component Library http://www.erickengelke.com |
Thu, Sep 13 2018 10:12 AM | Permanent Link |
Matthew Jones | erickengelke wrote:
> RequestHeaders.Add('Content-Type:application/x-www-form-urlencoded'); How about the ResponseContentType property instead? -- Matthew Jones |
Mon, Sep 17 2018 4:06 PM | Permanent Link |
erickengelke | "Matthew Jones" wrote:
erickengelke wrote: >> RequestHeaders.Add('Content-Type:application/x-www-form-urlencoded'); >How about the ResponseContentType property instead? Yeah, that's better. I also added the URLencode parameter magic to support passwords with exceptional characters. E EWB Programming Books and Component Library http://www.erickengelke.com |
This web page was last updated on Thursday, April 18, 2024 at 10:42 AM | Privacy PolicySite Map © 2024 Elevate Software, Inc. All Rights Reserved Questions or comments ? E-mail us at info@elevatesoft.com |