Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

POST/PATCH request via file_get_contents + stream_context_create switches to GET after a HTTP 308 redirect #11274

Closed
ThePHPF/thephp.foundation
#90
@ThiefMaster

Description

@ThiefMaster

Description

The following code:

<?phpechofile_get_contents('http://127.0.0.1:8080/test',false,stream_context_create(['http' => ['method' =>'POST','header' =>'Content-type: application/x-www-form-urlencoded','content' =>http_build_query(['hello' =>'world'])]]));echofile_get_contents('http://127.0.0.1:8080/test',false,stream_context_create(['http' => ['method' =>'PATCH','header' =>'Content-type: application/x-www-form-urlencoded','content' =>http_build_query(['hello' =>'world'])]]));echofile_get_contents('http://127.0.0.1:8080/test/',false,stream_context_create(['http' => ['method' =>'POST','header' =>'Content-type: application/x-www-form-urlencoded','content' =>http_build_query(['hello' =>'world'])]]));echofile_get_contents('http://127.0.0.1:8080/test/',false,stream_context_create(['http' => ['method' =>'PATCH','header' =>'Content-type: application/x-www-form-urlencoded','content' =>http_build_query(['hello' =>'world'])]]));

Resulted in this output:

{"method":"GET"}{"method":"GET"}{"hello":"world","method":"POST"}{"hello":"world","method":"PATCH"}

But I expected this output instead:

{"hello":"world","method":"POST"}{"hello":"world","method":"PATCH"}{"hello":"world","method":"POST"}{"hello":"world","method":"PATCH"}

The server on 127.0.0.1:8080 is this small Flask app (I'm not really a PHP person anymore so I couldn't be bothered to use PHP for this after not having written any PHP code in the last 15 or so years ;)):

fromflaskimportFlask,request,jsonifyapp=Flask(__name__)@app.route('/test/',methods=['GET','POST','PATCH'])deftest():returnjsonify(method=request.method,**request.form)app.run(port=8080)

When sending a request to the URL without the trailing slash, it uses a HTTP 308 redirect to redirect to the URL with that slash.
Clients are required to keep the method and payload when encountering such a redirect:

SeeMDN:

The request method and the body will not be altered, whereas301 may incorrectly sometimes be changed to aGET method.

And evenRFC7538 specifying this status code is pretty clear about the expected behavior from clients:

Note: This status code is similar to 301 (Moved Permanently) ([RFC7231], Section 6.4.2), except that it doesnot allow changing the request method from POST to GET.

PHP Version

8.2.6

Operating System

No response

Metadata

Metadata

Assignees

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions

    [8]ページ先頭
    ©2009-2025 Movatter.jp