Loading ...
Sorry, an error occurred while loading the content.

Methods other than GET and POST

Expand Messages
  • Ross Thomas
    Does Apache::ASP directly support request methods other than GET and POST? From a quick grep of the module I d say it doesn t, but it s worth asking. I m
    Message 1 of 7 , Apr 30, 2002
    • 0 Attachment
      Does Apache::ASP directly support request methods other than GET and POST?
      From a quick grep of the module I'd say it doesn't, but it's worth asking.

      I'm interested in using at least the PUT and DELETE methods in a project I'm
      working on.

      --
      Regards,
      Ross Thomas



      ---------------------------------------------------------------------
      To unsubscribe, e-mail: asp-unsubscribe@...
      For additional commands, e-mail: asp-help@...
    • Kulp, David
      On a related note, Apache::ASP doesn t actually check the request method. This can cause a nasty problem. I wrote an ASP page that returned an excel table
      Message 2 of 7 , Apr 30, 2002
      • 0 Attachment
        On a related note, Apache::ASP doesn't actually check the request method.
        This can cause a nasty problem.

        I wrote an ASP page that returned an excel table based on POST parameters.
        Internet Explorer will then send several different URL requests to the
        server including the same ASP URL but with the OPTIONS method and no
        parameters. This caused my ASP to be executed again without parameters
        which triggered a big database query and serious load problems. (Of course
        I should have a safety net for parameterless queries, but that's a different
        issue.)

        My scripts now always have on start:

        if ($Request->{Method} !~ /GET|POST/) {
        $Response->{Status} = 500;
        $Response->End();
        }

        -d


        -----Original Message-----
        From: Ross Thomas [mailto:ross@...]
        Sent: Tuesday, April 30, 2002 5:55 PM
        To: asp@...
        Subject: Methods other than GET and POST


        Does Apache::ASP directly support request methods other than GET and POST?
        From a quick grep of the module I'd say it doesn't, but it's worth asking.

        I'm interested in using at least the PUT and DELETE methods in a project I'm
        working on.

        --
        Regards,
        Ross Thomas



        ---------------------------------------------------------------------
        To unsubscribe, e-mail: asp-unsubscribe@...
        For additional commands, e-mail: asp-help@...

        ---------------------------------------------------------------------
        To unsubscribe, e-mail: asp-unsubscribe@...
        For additional commands, e-mail: asp-help@...
      • Joshua Chamas
        ... Ross, David is correct, Apache::ASP does no special handling of non-GET/POST requests. So you could put similar code to the above in your global.asa
        Message 3 of 7 , Apr 30, 2002
        • 0 Attachment
          "Kulp, David" wrote:
          >
          > On a related note, Apache::ASP doesn't actually check the request method.
          > This can cause a nasty problem.
          >
          > I wrote an ASP page that returned an excel table based on POST parameters.
          > Internet Explorer will then send several different URL requests to the
          > server including the same ASP URL but with the OPTIONS method and no
          > parameters. This caused my ASP to be executed again without parameters
          > which triggered a big database query and serious load problems. (Of course
          > I should have a safety net for parameterless queries, but that's a different
          > issue.)
          >
          > My scripts now always have on start:
          >
          > if ($Request->{Method} !~ /GET|POST/) {
          > $Response->{Status} = 500;
          > $Response->End();
          > }
          >

          Ross,

          David is correct, Apache::ASP does no special handling of non-GET/POST
          requests. So you could put similar code to the above in your global.asa
          Script_OnStart event to handle the PUT/DELETE as you see fit. If
          you think your code would be a valuable contribution to the project
          it may be possible to integrate it into Apache::ASP directly.

          --Josh
          _________________________________________________________________
          Joshua Chamas Chamas Enterprises Inc.
          NodeWorks Founder Huntington Beach, CA USA
          http://www.nodeworks.com 1-714-625-4051

          ---------------------------------------------------------------------
          To unsubscribe, e-mail: asp-unsubscribe@...
          For additional commands, e-mail: asp-help@...
        • Ross Thomas
          ... You should really use GET to get data, but then I m hyper-critical ;) ... Perhaps some kind of option along the lines of DenyUnusualMethods could be set to
          Message 4 of 7 , Apr 30, 2002
          • 0 Attachment
            > I wrote an ASP page that returned an excel table based on POST parameters.

            You should really use GET to get data, but then I'm hyper-critical ;)

            > My scripts now always have on start:
            >
            > if ($Request->{Method} !~ /GET|POST/) {
            > $Response->{Status} = 500;
            > $Response->End();
            > }

            Perhaps some kind of option along the lines of DenyUnusualMethods could be
            set to true to have Apache::ASP deal with this automatically? Shouldn't be
            too hard to implement.

            --
            Regards,
            Ross Thomas



            ---------------------------------------------------------------------
            To unsubscribe, e-mail: asp-unsubscribe@...
            For additional commands, e-mail: asp-help@...
          • Ross Thomas
            ... I was thinking more about automatic handling of PUT data. It would probably be a good idea for Apache::ASP to at least attempt to handle it, such as by
            Message 5 of 7 , Apr 30, 2002
            • 0 Attachment
              > David is correct, Apache::ASP does no special handling of non-GET/POST
              > requests. So you could put similar code to the above in your global.asa
              > Script_OnStart event to handle the PUT/DELETE as you see fit.

              I was thinking more about automatic handling of PUT data. It would probably
              be a good idea for Apache::ASP to at least attempt to handle it, such as by
              making the data accessible through $Request->Form. I shall take a look at
              the module tomorrow and try to implement this.

              DELETE, on the other hand, should need no special handling since it contains
              no data.

              --
              Regards,
              Ross Thomas



              ---------------------------------------------------------------------
              To unsubscribe, e-mail: asp-unsubscribe@...
              For additional commands, e-mail: asp-help@...
            • Joshua Chamas
              ... I believe this should be done as an Apache configuration, for example: Order allow,deny Deny from all Apache::ASP
              Message 6 of 7 , Apr 30, 2002
              • 0 Attachment
                Ross Thomas wrote:
                >
                > > I wrote an ASP page that returned an excel table based on POST parameters.
                >
                > You should really use GET to get data, but then I'm hyper-critical ;)
                >
                > > My scripts now always have on start:
                > >
                > > if ($Request->{Method} !~ /GET|POST/) {
                > > $Response->{Status} = 500;
                > > $Response->End();
                > > }
                >
                > Perhaps some kind of option along the lines of DenyUnusualMethods could be
                > set to true to have Apache::ASP deal with this automatically? Shouldn't be
                > too hard to implement.
                >

                I believe this should be done as an Apache configuration, for example:

                <Limit PUT DELETE OPTIONS>
                Order allow,deny
                Deny from all
                </Limit>

                Apache::ASP scripts just run when called, but controlling
                the access to the scripts should not need another config
                that is ASP specific. I hesitate to add any config paramters
                unnecessarily because the bloat of them adds to the runtime
                overhead of processing scripts for everyone.

                -- Josh
                _________________________________________________________________
                Joshua Chamas Chamas Enterprises Inc.
                NodeWorks Founder Huntington Beach, CA USA
                http://www.nodeworks.com 1-714-625-4051

                ---------------------------------------------------------------------
                To unsubscribe, e-mail: asp-unsubscribe@...
                For additional commands, e-mail: asp-help@...
              • Ross Thomas
                ... Good point, and much more configurable. That way you can do stuff like limiting certain request methods to authenticated users, etc. -- Regards, Ross
                Message 7 of 7 , May 1, 2002
                • 0 Attachment
                  > I believe this should be done as an Apache configuration, for example:
                  >
                  > <Limit PUT DELETE OPTIONS>
                  > Order allow,deny
                  > Deny from all
                  > </Limit>

                  Good point, and much more configurable. That way you can do stuff like
                  limiting certain request methods to authenticated users, etc.

                  --
                  Regards,
                  Ross Thomas



                  ---------------------------------------------------------------------
                  To unsubscribe, e-mail: asp-unsubscribe@...
                  For additional commands, e-mail: asp-help@...
                Your message has been successfully submitted and would be delivered to recipients shortly.