[TYPO3-core] RFC #15621: Feature: TYPO3 misses page-option to force SSL oder Non-SSL to page
Dmitry Dulepov
dmitry at typo3.org
Thu Sep 2 17:05:24 CEST 2010
Hi!
Ernesto Baschny [cron IT] wrote:
> Or maybe:
>
> if ($_SERVER['REQUEST_METHOD'] === 'POST') {
> $headerCode = t3lib_utility_Http::HTTP_STATUS_303;
> } else {
> $headerCode = t3lib_utility_Http::HTTP_STATUS_301;
> }
This is better because the form can have a single button without "name"
attribute and use URL parameters with POST request. Thus $_POST will be
empty but the request is still POST. Same for AJAX request: request
/index.php?id=1&x=y and force POST using XHTTPRequest object parameters.
+1 to this code as it solves everything.
--
Dmitry Dulepov
TYPO3 core&security team member
Twitter: http://twitter.com/dmitryd
Read more @ http://dmitry-dulepov.com/
More information about the TYPO3-team-core
mailing list