Consider the following code; it's basically a form that sends some data via HTTP POST. When the POST data come, the Refresh HTTP header is sent.
<?php
if (!empty($_POST))
{
header("Refresh: 5; URL=http://$_SERVER[SERVER_NAME]$_SERVER[REQUEST_URI]");
}
?>
<!doctype html>
<form method=post>
<input type=hidden name=foo value=bar>
<input type=submit>
</form>
<?php
echo "The location was requested using the HTTP $_SERVER[REQUEST_METHOD] method; \$_POST = ".var_export($_POST, 1);
?>
Now, do this:
- Open it in Firefox browser (I've created a demo here; I use 6.0.1 on Debian).
- Submit the form. Obviously, the browser performed an HTTP POST request. Note that the
Refresh
HTTP header came with the response. - Wait for 5 seconds. Now the
Refresh
header is being applied and the location will be redirected to itself. - Firefox performed a GET request. It is definitely GET because both Firebug and PHP's
$_SERVER['REQUEST_METHOD']
say it. - Press
F5
key. Since the last performed HTTP request was a GET request, one would expect that all POST data from previous requests will be lost. However, a dialog box appears and asks me to resend POST data:
To display this page, Iceweasel must send information that will repeat any action (such as a search or order confirmation) that was performed earlier.
So, my question is - why are the POST data still here? Is this a bug or intended behaviour? Note that use of any of the following will cause the loss of POST data (the expected behaviour):
Location
header instead ofRefresh
- Different value of
URL=
parameter ofRefresh
header (the user will be redirected to another location). - Another browser (I've tested Internet Explorer 9.0.2 and Chromium 6.0).