[jira] [Commented] (SLING-5824) Servlet Filter to do POST tunnelling to GET

[Amit Gupta (JIRA)]

    [ 
https://issues.apache.org/jira/browse/SLING-5824?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15365947#comment-15365947
 ] 

Amit Gupta commented on SLING-5824:
-----------------------------------

>GET is still preferable for the use case, as it allows bookmarking
But once you start using POST from client, as you mentioned in description, 
this advantage is already lost. Isn't it

However the Security issues can be mitigated as mentioned by Roy in
https://issues.apache.org/jira/browse/SLING-53?focusedCommentId=12553455&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-12553455

By only allowing POST to be changed to GET, not the other way.

Though, I am not still convinced about current use case, for this to be added 
to Sling. 

However, Couple of other reasons why it is needed are described in
http://fandry.blogspot.in/2012/03/x-http-header-method-override-and-rest.html
http://stackoverflow.com/questions/165779/are-the-put-delete-head-etc-methods-available-in-most-web-browsers

Not sure, if Sling users need those.


> Servlet Filter to do POST tunnelling to GET
> -------------------------------------------
>
>                 Key: SLING-5824
>                 URL: https://issues.apache.org/jira/browse/SLING-5824
>             Project: Sling
>          Issue Type: Improvement
>          Components: Servlets
>            Reporter: Christanto
>
> Sometimes there is a case where the request URL is very long. For example, 
> during advanced search where there are many fields.
> To accommodate this, the request is tunneled through POST, such that the 
> client do a POST request and then the server convert it to GET, so that the 
> other code in the chain only knows about GET.
> So far the custom POST handler needs to be created specifically for this:
> {code}
> slingRequest.getRequestDispatcher(resource).forward(new 
> HttpServletRequestWrapper(request) {
>     @Override
>     public String getMethod() {
>         return "GET";
>     }
> }, response);
> {code}
> Since this is generic and to avoid creating a custom POST handler every time 
> for this, it makes sense to implement this in Sling using Servlet Filter. For 
> example, a special parameter can be introduced for this purpose named 
> "\_method\_". So the filter will check for this parameter and wrap the 
> request accordingly (also remove the "\_method\_"). This is similar to 
> "\_charset\_" parameter for encoding.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)