[
https://issues.apache.org/jira/browse/SLING-5824?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15366111#comment-15366111
]
Carsten Ziegeler commented on SLING-5824:
-----------------------------------------
I was wondering about the same as Antonio - as you say that you usually use GET
and only if the URL gets too long switch to POST, so for the GETs you're
bypassing the protection.
> Servlet Filter to do POST tunnelling to GET
> -------------------------------------------
>
> Key: SLING-5824
> URL: https://issues.apache.org/jira/browse/SLING-5824
> Project: Sling
> Issue Type: Improvement
> Components: Servlets
> Reporter: Christanto
>
> Sometimes there is a case where the request URL is very long. For example,
> during advanced search where there are many fields.
> To accommodate this, the request is tunneled through POST, such that the
> client does a POST request and then the server converts it to GET, so that the
> other code in the chain only knows about GET.
> So far the custom POST handler needs to be created specifically for this:
> {code}
> // Forward the POST to the resource, reporting the method as GET downstream
> slingRequest.getRequestDispatcher(resource).forward(
>     new HttpServletRequestWrapper(request) {
>         @Override
>         public String getMethod() {
>             return "GET";
>         }
>     }, response);
> {code}
> Since this is generic and to avoid creating a custom POST handler every time
> for this, it makes sense to implement this in Sling using a Servlet Filter. For
> example, a special parameter can be introduced for this purpose named
> "_method_". So the filter will check for this parameter and wrap the
> request accordingly (also remove the "_method_"). This is similar to the
> "_charset_" parameter for encoding.
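The filter proposed in the issue description could look like the following. This is an added example, not code from the issue or from Sling: the class name `MethodTunnelFilter` is hypothetical, the `javax.servlet` API is assumed, and limiting the override to POST-to-GET (rejecting any other `_method_` value) is a choice made here rather than something the issue specifies.

```java
import java.io.IOException;
import java.util.*;
import javax.servlet.*;
import javax.servlet.http.*;

/** Hypothetical filter: presents a POST carrying "_method_=GET" as a GET downstream. */
public class MethodTunnelFilter implements Filter {
    static final String PARAM = "_method_"; // parameter name proposed in the issue

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest http = (HttpServletRequest) req;
        String override = http.getParameter(PARAM);
        // Only a POST may be rewritten, and only to GET: the parameter can never
        // turn a GET into a state-changing method.
        if (override == null || !"POST".equals(http.getMethod())) {
            chain.doFilter(req, res);
            return;
        }
        if (!"GET".equalsIgnoreCase(override)) {
            ((HttpServletResponse) res).sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        chain.doFilter(new HttpServletRequestWrapper(http) {
            @Override public String getMethod() { return "GET"; }
            // Hide the control parameter from the rest of the chain.
            @Override public String getParameter(String name) {
                return PARAM.equals(name) ? null : super.getParameter(name);
            }
            @Override public String[] getParameterValues(String name) {
                return PARAM.equals(name) ? null : super.getParameterValues(name);
            }
            @Override public Map<String, String[]> getParameterMap() {
                Map<String, String[]> m = new HashMap<>(super.getParameterMap());
                m.remove(PARAM);
                return Collections.unmodifiableMap(m);
            }
            @Override public Enumeration<String> getParameterNames() {
                return Collections.enumeration(getParameterMap().keySet());
            }
        }, res);
    }
}
```

Where this filter sits in the chain decides which method any method-based check sees: a check that runs before it sees POST, one that runs after it sees GET.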