Nick Kew wrote:
However, I have read the whole request body even if I don't need all
that data, just to verify that the post doesn't contain the specific
token that I'm looking for.
You mean, read POST data and decide based on that whether to handle it?
That's broken design. Not necessarily your module, but the application
it's part of, is broken. You should be able to make that decision
based on the request headers.
I understand that having to read the post data and to decide whether to
handle it or not is bad design. But I have no other option as cardspace
authentication does not provide any mechanism to decide if I have to
handle the request, just by using the request headers.
Having said that, there are several ways to do what you want.
Probably the most generic would be an input filter that'll dup the data,
so your handler can go first and read them without consuming them.
mod_security offers an example you could look at.
Thanks, I will try that.
Dumindu.
