CGI Redirect with parameters (post method)

[James]

Instead of the following way (get method for the URL),

print $cgi-> redirect(
-uri => "some-URL?param=$param",
...
);

how can I use post method? I don't want to reveal "param=$param".

I checked perldoc CGI, but not much help.

Thanks.
James

[Rainer Weikusat]

James <hsle...@yahoo.com> writes:
> Instead of the following way (get method for the URL),
>
> print $cgi-> redirect(
> -uri => "some-URL?param=$param",
> ...
> );
>
> how can I use post method? I don't want to reveal "param=$param".

That's not directly possible as 'methods' are used by the client and 'a
redirect' is part of a reply from the server. You can hide the actual
parameters in other ways, eg, you could encrypt the actual query string
using a secret key only known to the server and instruct the client to
pass the encrypted string back to the server using some generic
parameter name. Prior to processing, the server would decrypt what it
got from the client and thus regain the actual parameters.

[Eli the Bearded]

This is an HTTP limitation by design since GET and POST are intended for
different purposes.

http://programmers.stackexchange.com/questions/99894/why-doesnt-http-have-post-redirect

As close reading of the 307 redirect spec shows that it can be used for
this, but there is a major usage caveat:

http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

10.3.8 307 Temporary Redirect
[...]
If the 307 status code is received in response to a request other
than GET or HEAD, the user agent MUST NOT automatically redirect the
request unless it can be confirmed by the user, since this might
change the conditions under which the request was issued.


I have not done (nor seen the results of someone else doing) tests to
check how well browsers adhere to that MUST NOT nor what the UI for the
confirmation would look like.

Elijah
------
not sure if that helps