Announcement Announcement Module
Collapse
No announcement yet.
POST method gets turned into GET method after secure redirect? Page Title Module
Move Remove Collapse
X
Conversation Detail Module
Collapse
  • Filter
  • Time
  • Show
Clear All
new posts

  • POST method gets turned into GET method after secure redirect?

    Hi,

    I'm encountering a strange issue. The ultimate error is:HTTP Status 405 - Request method 'GET' not supported

    My site allows users to browse most parts anonymously over HTTP.

    Some pages require the user to authenticate. Most of these pages are also forced over HTTPS. Most use cases work fine, however in one specific situation the user does a POST to an URL that requires authentication and also forces HTTPS. This results in the error: Request method 'GET' not supported.

    From looking at the request headers I can see the following:

    POST http://localhost/app/test HTTP/1.1

    HTTP/1.0 302 Moved Temporarily

    GET https://localhost/app/test HTTP/1.1

    HTTP/1.1 302 Moved Temporarily

    GET https://localhost/sign-in HTTP/1.1

    HTTP/1.1 200 OK

    POST https://localhost/j_spring_security_check HTTP/1.1

    HTTP/1.1 302 Moved Temporarily

    GET https://localhost/app/test HTTP/1.1

    HTTP/1.1 405 Method Not Allowed

    Any thoughts why the secure redirect turns the POST into a GET?

    I have tested POSTing to the same URL without forcing HTTPS and that works okay.

    Many thanks,
    Nes

  • #2
    The request is saved to the HttpSession to replay after authenticating. Try tracking the JSESSIONID to see if it is changing as you may be running into a variant of the http/https issue discussed on the FAQ.

    Comment


    • #3
      Apologies for the late response.

      I've have tracked JSESSIONID as suggested, but it is not changing - not after the 302 and not after the 405.

      It is the 302 redirect (that redirects HTTP to HTTPS) that changes the method from POST to GET.

      Any further help greatly appreciated...

      Nes

      Comment


      • #4
        Try adding a debug point to HttpRequestCache and see what URLs it is called on.

        Comment


        • #5
          I now created a smaller test case where I'm already logged in. Then posting to an HTTPS secured URL. Same 405 error is thrown.

          The debug log says:

          Request: FilterInvocation: URL: /app/test; ConfigAttributes: [REQUIRES_SECURE_CHANNEL]

          When you say add a debug point to HttpRequestCache, did you mean HttpSessionRequestCache (in package org.springframework.security.web.savedrequest)?

          Where exactly should I set the breakpoint?

          Thanks for your help so far!

          Nes

          Comment

          Working...
          X