I have just added to mod_python in subversion a req.discard_request_body() method. This is a direct wrapper for the underlying ap_discard_request_body() function in the C API.

The purpose of the underlying function is as described in the documentation attached to the prototype in the headers.

/**
 * In HTTP/1.1, any method can have a body.  However, most GET handlers
 * wouldn't know what to do with a request body if they received one.
 * This helper routine tests for and reads any message body in the request,
 * simply discarding whatever it receives.  We need to do this because
 * failing to read the request body would cause it to be interpreted
 * as the next request on a persistent connection.
 * @param r The current request
 * @return error status if request is malformed, OK otherwise
 */
AP_DECLARE(int) ap_discard_request_body(request_rec *r);

In other words, the function should be used in GET handlers to get rid of any content in the request. I appreciate that web clients are generally well behaved, but if such content is sent and isn't discarded and keep alives are in use on a connection and requests are pipelined, that content can be wrongly interpreted as being the next request and a failure would thus occur.

A robust handler would therefore always call req.discard_request_body() if the request is a GET request.

My question is, should mod_python.publisher and mod_python.psp be enhanced and call req.discard_request_body() for a GET request to avoid the possibilities of any problems arising due to a client sending content for a GET request?

With the rise of AJAX applications where JavaScript is explicitly used to send custom requests, even if it is done inadvertently and POST should have been used, the risk of having GET requests with content is also probably on the rise.

Note that although mod_python.publisher will always apply util.FieldStorage to a request, it only consumes content for a POST request. Same deal with mod_python.psp, although it only processes forms when the "form" variable is accessed from a PSP page.

Thoughts???

Graham
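
The failure described in the message above, as an added example that is not part of the original post and is not mod_python or Apache code: a toy keep-alive parser run over constructed bytes, with and without a discard step. The names STREAM, read_head and serve are hypothetical, and only Content-Length bodies are modelled (chunked encoding is not).

```python
# Added illustration: toy keep-alive server loop, not mod_python or Apache code.
# Constructed sample: a GET that carries an 11-byte body, then a pipelined GET.
STREAM = (b"GET /a HTTP/1.1\r\nHost: example.test\r\nContent-Length: 11\r\n\r\n"
          b"hello=world"
          b"GET /b HTTP/1.1\r\nHost: example.test\r\n\r\n")


def read_head(buf, pos):
    """Parse a request line and headers at pos; return (line, headers, new_pos)."""
    end = buf.find(b"\r\n\r\n", pos)
    if end < 0:
        return None  # no complete header block left in the buffer
    lines = buf[pos:end].decode("latin-1").split("\r\n")
    headers = {}
    for raw in lines[1:]:
        name, _, value = raw.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, end + 4


def serve(buf, discard_body):
    """Return the request lines the server believes arrived on one connection."""
    seen, pos = [], 0
    while pos < len(buf):
        head = read_head(buf, pos)
        if head is None:
            seen.append("unparsable: %r" % buf[pos:pos + 20])
            break
        line, headers, pos = head
        seen.append(line)
        if line.split(" ", 1)[0] == "GET" and discard_body:
            # The discard step: consume the declared body so the next parse
            # starts on a real request boundary.
            pos += int(headers.get("content-length", "0"))
    return seen


if __name__ == "__main__":
    print("body ignored  :", serve(STREAM, discard_body=False))
    print("body discarded:", serve(STREAM, discard_body=True))
```

Without the discard step the unread body is glued onto the front of the following request line, so the second request is rejected as malformed even though the client sent it correctly.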