Some things in the Http specification are counterintuitive. Working in the client-server programming field, this is something that I have to deal with every now and then.
One case in particular is stressful in the environment I work. Thats why I want to write a bit more about it in detail.
The Problem
In a CMS you usually work with pages/objects/etc. that have identifiers. For example: this wordpress page has a /520/ in the URL. In my environment the API’s were put together sometimes years ago and the people often defined API based on those pages:
- Create API module
- instanciate it as object 367
- have a link like “api.367 .html”
We flash developers get told: “Take ‘api.123.html’; There you go!”.
Everything works fine, but at some certain point in development, for one in a number of reasons: We need a redirect. And this redirect ends in the problem that suddenly all POST requests stop to work.
Shit.
Now, to solve this, we have to look a bit into the detail of why that happens:
302 explained
A redirect is a http 302 response that gets automatically interpreted by the browser (or flash) and loads the page noted in this redirect. Unlike GET parameters, POST parameters are not supported. This is for a very good reason: POST as defined in http is not permanent. That means: it might create every time a new response. Every response from a POST request must be treated unique and therefore the initial post parameters are not passed-through. The logical consequence is that all our nice API calls will fail.
Solving the Problem
The obvious solution to the problem at hand is to never redirect to a page that takes POST parameters. To achieve that, one can use a simple apache rewrite rule. The rewrite rules usually only redirect, so: make sure that you didn’t forget the proxy|P parameter. This will proxy the request and you can work on.
Puh. Solved.
Don’t let it happen
If you design, together with your web guys, a API: make sure there is no possibility of redirects. The API you are about to create will be almost like carved into stone. Any developer who uses it might run into such a redirect and you will be the support line. If you have to work with a system that uses generated ids: Use proxied redirects from the start.
Tags: Best Practices, Flash