Passing params in the URL when using HTTP POST

http iis url soap post
10,000

Solution 1

Lets start with the simple stuff. HTTP GET request variables come from the URI. The URI is a requested resource, and so any webserver should (and apache does) have the entire URI stored in some variable available to the modules or appserver components running within the webserver.

An http POST which is different from an http GET is a separate logical call to the webserver, but it still defines a URI that should process the post. A good webserver (apache being one) will again make the URI available to whatever module or appserver is running within it, then will additionally make available the variables which were sent in the POST headers.

At the point where your application takes control from apache during a POST you should have access to both the GET and POST variables and be able to do whatever control logic you wish, including replying with a SOAP protocol instead of HTML.

Solution 2

If you are asking whether it is possible to send parameters via both GET and POST in a single HTTP request, then the answer is "YES". This is standard functionality that can be used reliably AFAIK.

One such example is sending authentication credentials in two pieces, one over GET and the other through POST so that any attempt to hijack a session would require hijacking both the GET and POST variables.

So in your case, you can use POST to contain the actual SOAP request but test for whether it is a SOAP request based on the parameter passed in GET (or in other words through the URL).

Solution 3

I believe that no standard actually defines the concept of "HTTP parameters" or "request variables". RFC 1738 defines that an URL may have a "search part", which is the substring after the question mark. HTML specifies in the form submission protocol how a browser processing a FORM element should submit it. In either case, how the server-side processes both the search part and the HTTP body is entirely up to the server - discarding both would be conforming to these two specs (but fairly useless).

In order to determine whether you can post a search part to a specific service, you need to study this service's protocol specification. If the service is practically defined by means of a HTML form, then you cannot use a mix - you can't even use POST if the FORM specifies GET (and vice versa). If you post to a web service, you need to look at the web service's WSDL - which will typically mandate POST; with all data in a SOAP message. Etc.

Specific web frameworks may have the notion of "request variables" - whether they will draw these variables both from a search part and a request body, you need to find out in the product documentation.

Solution 4

allowable? sure, it's doable, but i'm leaning towards the spec suggesting dual methods isn't necessarily supposed to happen, or be supported. RFC2616 defines HTTP/1.1, and i would argue suggests only one method per request. if you think about your typical HTTP transaction from the client side, you can see the limitation as well:

$ telnet localhost 80
POST /page.html?id=5 HTTP/1.1
host: localhost

as you can see, you can only use one method (POST/GET, etc...), however due to the nature of how various languages operate, they may pick up the query string, and assign it to the GET variable. ultimately though, this is a POST request, and not a GET.

so basically, yes this functionality exists, is it intended? i would say no.

Solution 5

I deployed a web application with 3 (a mobile network operator) in the UK. It originally used POST parameters, but the 3 gateway stripped them (and X-headers as well!). So beware...

Share:
10,000

Related videos on Youtube

rmeador
Author by

rmeador

Updated on April 14, 2022

Comments

  • rmeador
    rmeador about 2 years

    Is it allowable to pass parameters to a web page through the URL (after the question mark) when using the POST method? I know that it works (most of the time, anyways) because my company's webapp does it often, but I don't know if it's actually supported in the standard or if I can rely on this behavior. I'm considering implementing a SOAP request handler that uses a parameter after the question mark to indicate that it is a SOAP request and not a normal HTTP request. The reason for this that the webapp is an IIS extension, so everything is accessed via the same URL (ex: example.com/myisapi.dll?command), so to get the SOAP request to be processed, I need to specify that "command" parameter. There would be one generic command for SOAP, not a specific command for each SOAP action -- those would be specified in the SOAP request itself.

    Basically, I'm trying to integrate the Apache Axis2/C library into my webapp by letting the webapp handle the HTTP request and then pass off the incoming SOAP XML to Axis2 for handling if it's a SOAP request. Intuitively, I can't see any reason why this wouldn't work, since the URL you're posting to is just an arbitrary URL, as far as all the various components are concerned... it's the server that gives special meaning to the parts after the question mark.

    Thanks for any help/insight you can provide.

  • rmeador
    rmeador over 15 years
    Your example is exactly what I'm talking about... a POST request where the URL includes some params after the question mark. It would be up to the server to determine whether or not it works, right? If so, I know it works on IIS, so I can rely on it, right?
  • Jon Skeet
    Jon Skeet over 15 years
    @Owen: No-one suggested having two methods, as far as I can see - just having parameters on the POST URL. There's nothing wrong with that.
  • Owen
    Owen over 15 years
    @Jon: yes i agree. @ rmeador: i think the confusion may be who's handling what. ie, server handles the method (POST/GET), language handles parsing the searchpart of a URL (separate concern). so as long as your language supports it, it shouldn't be an issue.
  • martin
    martin over 7 years
    I know this is a really old post, but sometimes in authentication, credentials must not be included in the request uri link. Still trying to figure out why…

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

what is the meaning of "body" in a POST request?
HTTP error 415 what am I doing wrong?
POST: sending a post request in a url itself
How do you force a web browser to use POST when getting a url?
Android, sending XML via HTTP POST (SOAP)
How do I send a POST request as a JSON?
How do I send Parameters by using HTTP POST with T-SQL and OLE Automation Procedures
Maximum default POST request size of IIS 7 - how to increase 64kB/65kB limit?
Retrieve HTTP POST request containing XML
Error while checking if URL is exists in Flutter