HTTPLib and POST problem with '?'
aleax at aleax.it
Mon Jan 14 00:07:21 CET 2002
Jason Orendorff wrote:
>> > h.putrequest("POST", "/cgi-bin/script.cgi?name=Paul")
>> No; this violates the HTTP standards (the ? and after are
>> only used for GET, to encode the FORM values; in POST, the
>> form values are sent as the request's data instead of in
>> the URL) [...]
> Is this true? Admittedly I avoid using POST this way,
> but is there really something in RFC 2616 that forbids it?
> I wasn't able to find anything.
If I recall correctly the last time this discussion came up, the relevant
paragraph is in section 9.5, POST, of RFC 2616, and I quote:
"The posted entity is subordinate to that URI in the same way that a file
is subordinate to a directory containing it, a news article is
subordinate to a newsgroup to which it is posted, or a record is
subordinate to a database." where "that URI" is the request URI.
In the CGI standard (sorry, no standard text at all, so summarizing from
memory) there is no "subordinate" relationship between QUERY_STRING
and the script's stdin; thus it doesn't meet the requirements of POST.
In the light of the meta-principle "be conservative in what you generate,
and liberal in what you accept", I think a server should probably accept a
(probably-incorrect) mix of both, and try to do something sensible; but a
client (e.g., httplib) should never generate the mix.
More information about the Python-list