[TYPO3-core] RFC #15621: Feature: TYPO3 misses page-option to force SSL oder Non-SSL to page

Dmitry Dulepov dmitry at typo3.org
Thu Sep 2 17:05:24 CEST 2010


Hi!

Ernesto Baschny [cron IT] wrote:
> Or maybe:
> 
> if ($_SERVER['REQUEST_METHOD'] === 'POST') {
> 	$headerCode = t3lib_utility_Http::HTTP_STATUS_303;
> } else {
> 	$headerCode = t3lib_utility_Http::HTTP_STATUS_301;
> }

This is better because the form can have a single button without "name"
attribute and use URL parameters with POST request. Thus $_POST will be
empty but the request is still POST. Same for AJAX request: request
/index.php?id=1&x=y and force POST using XHTTPRequest object parameters.

+1 to this code as it solves everything.

-- 
Dmitry Dulepov
TYPO3 core&security team member
Twitter: http://twitter.com/dmitryd
Read more @ http://dmitry-dulepov.com/


More information about the TYPO3-team-core mailing list