Open Bug 735323 Opened 13 years ago Updated 2 years ago

POST request replaced by GET

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Version:
10 Branch
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: developer, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:10.0.2) Gecko/20100101 Firefox/10.0.2 Build ID: 20120215223356 Steps to reproduce: I have developed a website which interacts with Paypal. On returning to the website from Paypal firefox is asked to generate a POST request where the URI contains query string E.G. .../ws.pl?page=ppreturn. Details of the purchase are included on the POST request. Actual results: A GET request is generated based on the URI and the purchase details appear to be dropped (ignored). Expected results: A POST request should have been generated. This is what used to happen and, from apache log evidence, is what most (if not all) other browsers do.
OS: Windows 7 → All
Hardware: x86_64 → All
What are the steps to reproduce ? A testcase either as attachment or as URL seems to be necessary.
(In reply to Matthias Versen (Matti) from comment #1) > What are the steps to reproduce ? > A testcase either as attachment or as URL seems to be necessary. I haven't had chance to produce a testcase as yet. I guess the steps to reproduce the fault would be to generate a form with name/value pair submitted to a server via the post method to a url which includes a query string (E.G. http://www.somewebsite.net/ws.cgi?page=ppreturn) as mentioned above then examine the server logs to determine whether a GET or POST was received. I'm sorry my submission does not match the heading of 'Steps to reproduce' but the bugzilla form asked what I did not how to recreate it.
My testcase at http://www.joshmatthews.net/formtest.php which tests posting to a url that includes a query string does not display this behaviour.
steps leading to this are as follows: 1. my websitegenerates a form which submitted to paypal. the options in the form request paypal generate a button which will return to my site using post (rm=2). 2. paypal processes the request and user clicks on said button. 3. apache logs at my server show that firefox sends a get request whereas all other (as far asi can tell) browsers are generating post requests. If anyone can suggest an alternative reason for this I would be glad to hear it.
Do you know if your site shows this behaviour in previous versions of Firefox?
my site accepts entries for an annual sports tournament so it only gets exercised at this time of year. The website has been using essentially the same code to process entries for 6 or 7 years. This is the first year that I have seen this problem. I can say, therefore, that this behaviour has been introduced in the last 12 months. The logs show the problem with version 9 and 10. I am not aware of anyone attempting to enter with an older version.
Since you're in the best position to identify and reproduce the problem, would you be able to help us figure out a regression range? http://mozilla.github.com/mozregression/ is a tool that will grab intermediate versions of Firefox between 8 and 9 and allow you to specify whether a given version works or is broken. I think giving it 2011-09-27 as a starting date should give you the correct range for when this problem was introduced.
I will give it a go.
I have been unable to install mozregression on my PCs (FC14 / FC16). However I have recreated the fault using a paypal sandbox. I found that paypal now generates an intermediate page which then redirects to the page on my site. In this case I tested firefox and google chrome. Firefox generated a get request to my site whereas chrome generated a post request. The source of the paypal page is shown below: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <!-- Script info: script: merchantpaymentweb, cmd: _flow, template: xpt/Checkout/wps/Redirect, date: Mar 1, 2012 10:36:36 PST; country: US, language: en_US, xslt server: web version: 87.0-2649250 branch: BWR_870_int content version: - pexml version: 87.0-2649147 page XSL: Checkout/default/en_US/wps/Redirect.xsl hostname : PIdNt4OmVN0qSlRyavGDKeGYJExyTNpy65.m88NgXl8 rlogid : uJ2QjdWzGwyoNo9spwVvFwMY%2f%2fP%2bcIYRT65ERcdjgkw2NIby9F53NU%2b2UmRNrN6zVhfQKJywpCo%3d_13618a08936 --> <title>Thanks for your order - PayPal</title><meta http-equiv="refresh" content="5;url=http://www.birminghaminternationalfencing.org.uk/bift.pl?page=entryreturn"> <!--googleoff: all--> <meta name="description" content="PayPal is the safer, easier way to pay online without revealing your credit card number."> <!--googleon: all--> <meta http-equiv="X-UA-Compatible" content="IE=9"><link media="screen" rel="stylesheet" type="text/css" href="https://www.sandbox.paypal.com/MERCHANTPAYMENTWEB-640-20120304-1/css/core/xptdev.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.sandbox.paypal.com/MERCHANTPAYMENTWEB-640-20120304-1/css/core/global.css"><link rel="stylesheet" type="text/css" href="https://www.sandbox.paypal.com/MERCHANTPAYMENTWEB-640-20120304-1/Checkout/css/checkout.css"> <!--[if IE 8]><link media="screen" rel="stylesheet" type="text/css" href="https://www.sandbox.paypal.com/MERCHANTPAYMENTWEB-640-20120304-1/css/browsers/ie8.css"><![endif]--> <!--[if IE 7]><link media="screen" rel="stylesheet" type="text/css" href="https://www.sandbox.paypal.com/MERCHANTPAYMENTWEB-640-20120304-1/css/browsers/ie7.css"><![endif]--> <!--[if lte IE 6]><link media="screen" rel="stylesheet" type="text/css" href="https://www.sandbox.paypal.com/MERCHANTPAYMENTWEB-640-20120304-1/css/browsers/ie6.css"><![endif]--> <link rel="stylesheet" type="text/css" href="https://www.sandbox.paypal.com/css/sandbox.css"><style type="text/css" id="antiClickjack">body{display:none !important;}</style><script type="text/javascript"> if (self === top) { var antiClickjack = document.getElementById("antiClickjack"); antiClickjack.parentNode.removeChild(antiClickjack); } else { top.location = self.location; } </script><script type="text/javascript" src="https://www.sandbox.paypal.com/MERCHANTPAYMENTWEB-640-20120304-1/js/lib/min/global.js"></script><script type="text/javascript">PAYPAL.util.lazyLoadRoot = 'https://www.sandbox.paypal.com/MERCHANTPAYMENTWEB-640-20120304-1';</script><link rel="shortcut icon" href="https://www.sandbox.paypal.com/en_US/i/icon/pp_favicon_x.ico"><link rel="apple-touch-icon" href="https://www.sandbox.paypal.com/en_US/i/pui/apple-touch-icon.png"></head><body class="xptSandbox"><noscript><style type="text/css">body{display:block !important;}</style><p class="nonjsAlert">NOTE: Many features on the PayPal Web site require Javascript and cookies. You can enable both via your browser's preference settings.</p></noscript><div class="" id="stdpage"><div id="header"><h1 class="confidential">fblogs@hotmail.com</h1></div><hr><div id="content"><div id="headline"><h1 class="accessAid">Thanks for your order</h1> </div><div id="messageBox"></div><div id="main"><form method="post" id="merchantredirectform" name="merchantredirectform" action="http://www.birminghaminternationalfencing.org.uk/bift.pl?page=entryreturn" class=""><input type="hidden" name="mc_gross" value="22.00"><input type="hidden" name="protection_eligibility" value="Ineligible"><input type="hidden" name="payer_id" value="6B8Y32Q2BJCSG"><input type="hidden" name="tax" value="0.00"><input type="hidden" name="payment_date" value="16:07:45 Mar 15, 2012 PDT"><input type="hidden" name="payment_status" value="Pending"><input type="hidden" name="charset" value="windows-1252"><input type="hidden" name="first_name" value="Ian"><input type="hidden" name="option_selection1" value='"fred (12345)"'><input type="hidden" name="option_selection2" value='"aclub fc (GBR)"'><input type="hidden" name="notify_version" value="3.4"><input type="hidden" name="custom" value="Address: address pcode"><input type="hidden" name="payer_status" value="verified"><input type="hidden" name="quantity" value="1"><input type="hidden" name="payer_email" value="blah_1331763913_per@hotmail.com"><input type="hidden" name="verify_sign" value="AkW86ThVzxFtVo4dJTuCLppKusqpAq2Gvks4wkQ22r58BCQSoIpyMJb8"><input type="hidden" name="option_name1" value="Competitor"><input type="hidden" name="option_name2" value="Affilliation"><input type="hidden" name="txn_id" value="1GE453685L859102T"><input type="hidden" name="payment_type" value="instant"><input type="hidden" name="last_name" value="Bullock"><input type="hidden" name="receiver_email" value="fblogs@hotmail.com"><input type="hidden" name="pending_reason" value="unilateral"><input type="hidden" name="txn_type" value="web_accept"><input type="hidden" name="item_name" value="2012 Tournament Entry -- Men's Epee"><input type="hidden" name="mc_currency" value="GBP"><input type="hidden" name="item_number" value=""><input type="hidden" name="residence_country" value="US"><input type="hidden" name="test_ipn" value="1"><input type="hidden" name="handling_amount" value="0.00"><input type="hidden" name="transaction_subject" value="Address: address pcode"><input type="hidden" name="payment_gross" value=""><input type="hidden" name="shipping" value="0.00"><div class="layout1"><div class="rounded maxWidth"><div class="top"> </div><div class="body clearfix"><div id="secureCheckout" class="lockLogo"><img src="https://www.sandbox.paypal.com/en_US/i/logo/logo_paypal_lockup_97x21.gif" border="0" alt="PayPal"></div><h2>Thanks for your order</h2><p>Your payment of is complete.</p><p></p><p> If you are not redirected within 10 seconds, <span class="buttonAsLink"><input type="submit" value="click here" id="merchantReturnLink" name="merchant_return_link" class=""></span>.</p><img src="https://altfarm.mediaplex.com/ad/bk/3484-16283-2054-9?MerchPayFlow=1&amp;mpuid=82392488PB784570X;;0;USD" border="0" alt=""></div><div class="bottom"> </div></div><script type="text/javascript"> PAYPAL.util.Event.onDomReady( function() { setTimeout("document.forms.merchantredirectform.submit()", 4000); } ); </script></div></form></div></div><div id="footerhps"><p>PayPal. The safer, easier way to pay.</p><p>For more information, read our <a target="_blank" href="https://www.sandbox.paypal.com/us/cgi-bin/merchantpaymentweb?cmd=p/gen/ua/ua_pop-outside&amp;country.x=US" onClick="PAYPAL.core.openWindow(event, {width: 640, height: 300})">User Agreement</a> and <a target="_blank" href="https://www.sandbox.paypal.com/us/cgi-bin/merchantpaymentweb?cmd=p/gen/ua/policy_privacy_pop-outside&amp;country.x=US" onClick="PAYPAL.core.openWindow(event, {width: 640, height: 300})">Privacy Policy</a>.</p><div id="footerSandbox"><div id="sandboxFooter"><div class="nav-footer"></div><div id="testsite"><h1>Test Site</h1></div></div></div></div></div><script type="text/javascript" src="https://www.sandbox.paypal.com/MERCHANTPAYMENTWEB-640-20120304-1/js/lib/min/widgets.js"></script> <!-- SiteCatalyst Code Copyright 1997-2005 Omniture, Inc. More info available at http://www.omniture.com --> <script type="text/javascript" src="https://www.sandbox.paypal.com/MERCHANTPAYMENTWEB-640-20120304-1/js/site_catalyst/pp_jscode_paypalsandboxdev.js"></script> <script type="text/javascript"> s.prop1="xpt/Checkout/wps/Redirect"; s.prop6="82392488PB784570X"; s.prop7="personal"; s.prop8="verified"; s.prop9="unrestricted"; s.prop10="US"; s.prop20="1331853036"; s.prop35="in"; s.prop40="54c8964fe2396"; s.prop50="en_US"; s.eVar5="US"; s.eVar7="personal:verified:unrestricted"; s.eVar19="personal"; s.eVar28="tnc-e-wps-gxo-done"; s.eVar31="xpt/Checkout/wps/Redirect::_flow"; s.eVar50="uJ2QjdWzGwyoNo9spwVvFwMY%2f%2fP%2bcIYRT65ERcdjgkw2NIby9F53NU%2b2UmRNrN6zVhfQKJywpCo%3d_13618a08936"; s.pageName="xpt/Checkout/wps/Redirect::_flow"; s.prop56="no"; s.prop18=""; s.prop16=""; s.prop34="PayPalCredit:Servicing:CO:NoTransactions"; </script> <script type="text/javascript"><!-- /************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/ function scOnload(){var s_code=s.t();if(s_code)document.write(s_code);} if(window.addEventListener){ window.addEventListener('load',scOnload,false); }else if(window.attachEvent){ window.attachEvent('onload', scOnload); }; if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-') //--> </script><noscript><img src="//paypal.112.2O7.net/b/ss/paypalsandboxdev/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" /></noscript> <!--/DO NOT REMOVE/--> <!-- End SiteCatalyst Code --> </body></html>
I have been unable to install mozregression on my PCs (FC14 / FC16). However I have recreated the fault using a paypal sandbox. I found that paypal now generates an intermediate page which then redirects to the page on my site. In this case I tested firefox and google chrome. Firefox generated a get request to my site whereas chrome generated a post request. The source of the paypal page is shown below: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"> <html lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <title>Thanks for your order - PayPal</title><meta http-equiv="refresh" content="5;url=http://www.website.net/ws.pl?page=ppreturn"> <!--googleoff: all--> <meta name="..." content="PayPal is the safer, easier way to pay online without revealing your credit card number."> <!--googleon: all--> <meta http-equiv="X-UA-Compatible" content="IE=9"><link media="screen" rel="stylesheet" type="text/css" href="https://www.sandbox.paypal.com/MERCHANTPAYMENTWEB-640-20120304-1/css/core/xptdev.css"><link media="screen" rel="stylesheet" type="text/css" href="https://www.sandbox.paypal.com/MERCHANTPAYMENTWEB-640-20120304-1/css/core/global.css"><link rel="stylesheet" type="text/css" href="https://www.sandbox.paypal.com/MERCHANTPAYMENTWEB-640-20120304-1/Checkout/css/checkout.css"> <link rel="stylesheet" type="text/css" href="https://www.sandbox.paypal.com/css/sandbox.css"><style type="text/css" id="antiClickjack">body{display:none !important;}</style><script type="text/javascript"> if (self === top) { var antiClickjack = document.getElementById("antiClickjack"); antiClickjack.parentNode.removeChild(antiClickjack); } else { top.location = self.location; } </script><script type="text/javascript" src="https://www.sandbox.paypal.com/MERCHANTPAYMENTWEB-640-20120304-1/js/lib/min/global.js"></script><script type="text/javascript">PAYPAL.util.lazyLoadRoot = 'https://www.sandbox.paypal.com/MERCHANTPAYMENTWEB-640-20120304-1';</script><link rel="shortcut icon" href="https://www.sandbox.paypal.com/en_US/i/icon/pp_favicon_x.ico"><link rel="apple-touch-icon" href="https://www.sandbox.paypal.com/en_US/i/pui/apple-touch-icon.png"></head><body class="xptSandbox"><noscript><style type="text/css">body{display:block !important;}</style><p class="nonjsAlert">NOTE: Many features on the PayPal Web site require Javascript and cookies. You can enable both via your browser's preference settings.</p></noscript><div class="" id="stdpage"><div id="header"><h1 class="confidential">fblogs@mail.com</h1></div><hr><div id="content"><div id="headline"><h1 class="accessAid">Thanks for your order</h1> </div><div id="messageBox"></div><div id="main"><form method="post" id="merchantredirectform" name="..." action="http://www.website.net/ws.pl?page=ppreturn" class=""><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value='"fred (12345)"'><input type="hidden" name="..." value='"aclub fc (GBR)"'><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><input type="hidden" name="..." value="..."><div class="layout1"><div class="rounded maxWidth"><div class="top"> </div><div class="body clearfix"><div id="secureCheckout" class="lockLogo"><img src="https://www.sandbox.paypal.com/en_US/i/logo/logo_paypal_lockup_97x21.gif" border="0" alt="PayPal"></div><h2>Thanks for your order</h2><p>Your payment of is complete.</p><p></p><p> If you are not redirected within 10 seconds, <span class="buttonAsLink"><input type="submit" value="..." id="merchantReturnLink" name="..." class=""></span>.</p><img src="https://altfarm.mediaplex.com/ad/bk/3484-16283-2054-9?MerchPayFlow=1&amp;mpuid=82392488PB784570X;;0;USD" border="0" alt=""></div><div class="bottom"> </div></div><script type="text/javascript"> PAYPAL.util.Event.onDomReady( function() { setTimeout("document.forms.merchantredirectform.submit()", 4000); } ); </script></div></form></div></div><div id="footerhps"><p>PayPal. The safer, easier way to pay.</p><p>For more information, read our <a target="_blank" href="https://www.sandbox.paypal.com/us/cgi-bin/merchantpaymentweb?cmd=p/gen/ua/ua_pop-outside&amp;country.x=US" onClick="PAYPAL.core.openWindow(event, {width: 640, height: 300})">User Agreement</a> and <a target="_blank" href="https://www.sandbox.paypal.com/us/cgi-bin/merchantpaymentweb?cmd=p/gen/ua/policy_privacy_pop-outside&amp;country.x=US" onClick="PAYPAL.core.openWindow(event, {width: 640, height: 300})">Privacy Policy</a>.</p><div id="footerSandbox"><div id="sandboxFooter"><div class="nav-footer"></div><div id="testsite"><h1>Test Site</h1></div></div></div></div></div><script type="text/javascript" src="https://www.sandbox.paypal.com/MERCHANTPAYMENTWEB-640-20120304-1/js/lib/min/widgets.js"></script> <!-- SiteCatalyst Code Copyright 1997-2005 Omniture, Inc. More info available at http://www.omniture.com --> <script type="text/javascript" src="https://www.sandbox.paypal.com/MERCHANTPAYMENTWEB-640-20120304-1/js/site_catalyst/pp_jscode_paypalsandboxdev.js"></script> <script type="text/javascript"> s.prop1="xpt/Checkout/wps/Redirect"; s.prop6="82392488PB784570X"; s.prop7="personal"; s.prop8="verified"; s.prop9="unrestricted"; s.prop10="US"; s.prop20="1331853036"; s.prop35="in"; s.prop40="54c8964fe2396"; s.prop50="en_US"; s.eVar5="US"; s.eVar7="personal:verified:unrestricted"; s.eVar19="personal"; s.eVar28="tnc-e-wps-gxo-done"; s.eVar31="xpt/Checkout/wps/Redirect::_flow"; s.eVar50="uJ2QjdWzGwyoNo9spwVvFwMY%2f%2fP%2bcIYRT65ERcdjgkw2NIby9F53NU%2b2UmRNrN6zVhfQKJywpCo%3d_13618a08936"; s.pagename="..."; s.prop56="no"; s.prop18=""; s.prop16=""; s.prop34="PayPalCredit:Servicing:CO:NoTransactions"; </script> <script type="text/javascript"><!-- /************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/ function scOnload(){var s_code=s.t();if(s_code)document.write(s_code);} if(window.addEventListener){ window.addEventListener('load',scOnload,false); }else if(window.attachEvent){ window.attachEvent('onload', scOnload); }; if(navigator.appVersion.indexOf('MSIE')>=0)document.write(unescape('%3C')+'\!-'+'-') //--> </script><noscript><img src="//paypal.112.2O7.net/b/ss/paypalsandboxdev/1/H.6--NS/0?pageName=NonJavaScript" height="1" width="1" border="0" alt="" /></noscript> <!--/DO NOT REMOVE/--> <!-- End SiteCatalyst Code --> </body></html>
Could you create an HTTP log of you reproducing the problem using the directions at https://developer.mozilla.org/en/HTTP_Logging please? You may want to disable all plugins (Flash, Java, etc) first, because they can interfere with the logging... If you're willing to do that, please mention which URIs are involved in the redirect coming back from Paypal?
Component: HTML: Form Submission → DOM: Core & HTML
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.