Suggesting POST option for the raplet protocol

Tarun Pondicherry

Sep 13, 2011, 3:53:54 PM

I think there should also be a POST version of the raplet protocol so using https would encrypt the email addresses being queried.


Sam Stokes

Sep 13, 2011, 9:57:43 PM
Hi Tarun, as I'm sure you know, HTTPS encrypts the entire request,
including the URL and any request data. So there's actually no
difference in security between a GET request and a POST request: in
both cases, using HTTPS prevents an attacker from listening in on the
request by sniffing network traffic. (If you're using plain
unencrypted HTTP, POST provides no more protection.)

You might be seeing email addresses from Raplet requests in your logs:
some HTTP servers, proxies and web frameworks log the entire URL,
including query parameters, for each incoming request. It's true that
putting the email addresses in the body of a POST request instead of
the query parameters of a GET request would stop these servers from
logging the data, but it should also be possible to configure them to
strip out the query parameters from the URL before logging. (e.g.
Rails has filter_parameters where you can specify parameters you want
to strip out.)

Unfortunately it's hard for us to use POST for Raplet requests,
because the request is originating from but going to, so the browser will disallow it; we use JSONP
to get around the cross-domain restriction, but JSONP only supports
GET requests. One day we might use CORS
(, which
supports POST requests, instead of JSONP for Raplet requests, but that
would require Raplet authors to implement support for CORS on the
server side, and not all web frameworks support it yet.

Does that make sense?
Sam Stokes
CTO, Rapportive

