Confirm Form Resubmission after POST request in Google Chrome

A

abrwalk2013-02-23 22:54:47

PHP

abrwalk, 2013-02-23 22:54:47

As you know, after the POST form, it is desirable to make a redirect to protect against resubmission of data.
But in chrome (versions 25 and 26) for some reason it doesn’t work, it’s strange that I haven’t seen this before, apparently they broke it recently, or I don’t ...

if ($_SERVER['REQUEST_METHOD'] == 'POST') {
    //setcookie('post', 1, time()+604800);
    header('Location: '.$_SERVER['REQUEST_URI'], true, 301);
}
//elseif (isset($_COOKIE['post'])) {
//    setcookie('post', '', time()-604800);
//    header('Location: '.$_SERVER['REQUEST_URI'], true, 303);
//}
?>
<form name="form" id="form" method="post" action="<?=$_SERVER['REQUEST_URI']?>">
<input type="submit" id="submit" name="submit" value="Submit" />
</form>

When refreshing the page, it still tries to send a POST, even if you make a second redirect (which is commented out).

In other browsers everything is clear (FF, Opera, IE8-9)

UPD found the details here, the bug is only from the latest version:
code.google.com/p/chromium/issues/detail?id=177855

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

E

egorinsk, 2013-02-23
@egorinsk

Before blaming Chrome for "wrong" behavior, it's worth looking at the RFC, and how browsers should behave in such a situation:
www.w3.org/Protocols/rfc2616/rfc2616-sec10.html#sec10.3.2
> Note: When automatically redirecting a POST request after receiving a 301 status code, some existing HTTP/1.0 user agents will erroneously change it into a GET request.
It turns out that this behavior complies with the HTTP standard. No wonder, because Chrome is developed (unlike competing browsers) by the best programmers in the world.

N

Nikita Gusakov, 2013-02-24
@hell0w0rd

Weird, it doesn't really work. True, redirects to pages other than the one to which the form was sent work quite normally.