HTTP Post Request


k-billy
07-21-2003, 09:10 AM
I am using a Dataset to send a 'POST' request to a specific url. The request is getting through to the server, however the body of the HTTP request is null. I would have thought that the data within the Dataset object would be added to the post request as the body. Is this assumption correct?

For example, I am using the following dataset in my .lzx file:

<dataset name="transactionSet">
    <transaction reversal='false' effective="01/01/2003" currencyCode='CAD'>
        <entry/>
    </transaction>
</dataset>

I need the transaction entity to be added to the body of the POST request.
When a button is clicked, I use JavaScript to set the 'src' attribute of the dataset, call setQuery('POST'), and then call doRequest().

Has anyone encountered this problem? Is there a better way to approach this in Laszlo?

antun
07-21-2003, 01:07 PM
No, that's not how it works. If you want to send XML data back, you have to manually add it to the query string. Something like:


var myData = transactionSet.getPointer().serialize();
transactionSet.setQueryString( {d : myData} );
transactionSet.setQueryType( 'POST' );
transactionSet.doRequest();


... would set a CGI POST variable called 'd' to the value of the XML.

-Antun

k-billy
07-21-2003, 02:06 PM
Ok, I added the dataset node using the setQueryString() method, as you suggested.
My data came across on the query string (not in the body of the request). I can live with getting the argument off of the query string instead. Thank you.

But this has raised a new concern. It appears that the 'POST' request I sent ended up being redirected to my web application as a 'GET' request by the lps core, and the query string has been written out to a log file. This is a bit of a security concern for us because we need to send financial data, passwords, etc as arguments in the request. Having them written out to a log file leaves the system open to abuse (anyone with access to the server could pull out a customer's bank account number or username/password).

Is there anything you can recommend to work around this?

Cheers!

antun
07-21-2003, 02:31 PM
I think that by turning down the level of logging below INFO (maybe to WARN, ERROR or FATAL) in the log4j.properties file, you can avoid this. See the Deployer's Guide for more info on logging:

http://www.laszlosystems.com/developers/learn/documentation/deployers-guide-v1.php#logfile

I will raise this issue for you. Is there a reason you're sending all the XML data back?

-Antun

k-billy
07-21-2003, 03:17 PM
I would appreciate it if you could raise this issue. It is a concern for us that we can't send a proper POST request. The log4j solution could probably be changed back by an administrator, and I'm not sure what else might be capable of logging requests to the server (not to mention what a hacker could do).

The reason we send back xml is that we do not use a database. We persist all of our data in XML (it is encrypted and not on the same machine as the app server), and all of our java classes have xml data binding functionality. We are also using a REST architecture, so when a client adds/edits something, it is done through a POST/PUT request to the server. For example, if you wanted to add a new person, you would POST the following xml (preferably in the body of the POST):

<person fname="John" lname="Doe">
    <address/>
</person>

These objects can sometimes contain sensitive info.

Anyhow, it would be helpful to know why we can't add the body of the request. If possible, maybe it could be added as a feature request?

Regards.

antun
07-21-2003, 04:54 PM
Well for the time being if you post from an app, it will POST to the back end (e.g. to your web service), but the client-LPS leg will be a GET request. It is this GET request that's being logged.

The reason we don't support POST from the client right now is because not all browsers support POST from the Flash runtime.

Does that help?

-Antun
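
The client-to-LPS leg described above is a GET, so anything passed to setQueryString() can end up in any request log along that path. As an added example (not from the thread and not Laszlo code), this Python sketch audits access-log lines for query parameters that carry serialized XML or sensitive names and redacts them; the log format, sample lines, paths and the SENSITIVE_KEYS list are constructed assumptions, and the parameter name d comes from the snippet earlier in the thread.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample access-log lines (hosts, paths and values are made up).
SAMPLE_LOG = [
    '10.0.0.5 - - [21/Jul/2003:14:06:11 -0400] "GET /app/main.lzx?d=%3Ctransaction+currencyCode%3D%22CAD%22%3E%3Centry%2F%3E%3C%2Ftransaction%3E HTTP/1.1" 200 512',
    '10.0.0.5 - - [21/Jul/2003:14:06:12 -0400] "GET /app/main.lzx HTTP/1.1" 200 20480',
    '10.0.0.9 - - [21/Jul/2003:14:07:40 -0400] "GET /login?user=jdoe&password=hunter2 HTTP/1.1" 302 0',
]

# Assumed list of parameter names that should never appear in a log.
SENSITIVE_KEYS = {"password", "passwd", "pwd", "token", "account"}
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def redact_target(target):
    """Return (redacted request target, [(param, reason), ...])."""
    parts = urlsplit(target)
    pairs, findings = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        text = value.strip()
        reason = None
        if key.lower() in SENSITIVE_KEYS:
            reason = "sensitive-name"
        elif text.startswith("<") and text.endswith(">"):
            reason = "xml-payload"   # serialized dataset sent as a query value
        if reason:
            findings.append((key, reason))
            value = "REDACTED"
        pairs.append((key, value))
    return urlunsplit(parts._replace(query=urlencode(pairs))), findings

def audit(lines):
    """Redact every line; report (line number, param, reason) per finding."""
    cleaned, report = [], []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            target, findings = redact_target(match.group("target"))
            line = line[:match.start("target")] + target + line[match.end("target"):]
            report.extend((number, key, reason) for key, reason in findings)
        cleaned.append(line)
    return cleaned, report

if __name__ == "__main__":
    cleaned, report = audit(SAMPLE_LOG)
    for entry in report:
        print(entry)
    print("\n".join(cleaned))
```

Running the same audit over proxy and servlet-container logs as well as the LPS log covers the other places a GET query string can be recorded.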

k-billy
07-22-2003, 07:17 AM
I appreciate that there are problems with browser support for various http requests (we don't use PUT and DELETE for the same reason). I wasn't aware of a problem with POST requests from the flash runtime.

However, we NEED to POST the data. Your documentation seemed to suggest that it was possible to send a POST request from the client to the server (you may want to try to be a little more explicit about this shortcoming). We could potentially be sending large XML objects across, and there is a limit on the size of the query string in a GET request (for example, in IE the limit is 2048 characters for both a GET and a POST). This doesn't leave us much of an option (other than redefining our entire architecture).

Would it be possible to include full POST support in Laszlo with a warning to the user that it only works in certain browsers? Which browsers support POST from the Flash runtime? Is there any other possible workaround? Do you support any other protocol?

-Caleb

k-billy
07-22-2003, 10:12 AM
Hi Antun,

As a follow-up to my previous reply, I tried sending a very large xml object in the query string (I am using Mozilla 1.2.1 for Mac OSX and jboss 3.0.4).

It appears that the query string is being truncated to 4096 characters each time in the log. We were wondering if it might have just been the log that was doing the truncating, but the actual request never makes it through to our servlet. When we reduce the size of the object being sent (all other factors remaining the same) then the request does get through to the servlet (so there is no error in the request we are making).

It is possible that JBoss is doing this (very possible) because we tried hitting the same url using wget and the same thing happened. I will check to see if JBoss is configurable on the length of the query string.

Do you know for a fact if Laszlo truncates the query string?

-Caleb

k-billy
07-22-2003, 02:33 PM
Hi antun,

With regard to my previous replies, I was able to resolve the problem with the query string. I had to modify a Jetty config file setting to increase the size of the socket listener buffer. Basically, you need to add an xml tag to the group that instantiates your listeners as follows:


<Set name='BufferSize'>16534</Set>

Just below the following tag:

<Set name='Port'>8080</Set>

Hopefully this can help anyone else who runs into the problem.

Thanks again for your suggestions!

antun
07-22-2003, 02:50 PM
Originally posted by k-billy
Would it be possible to include full POST support in Laszlo with a warning to the user that it only works in certain browsers? Which browsers support POST from the Flash runtime?

This has actually already been logged as a feature request. There are problems with Netscape 6 on Mac OS9, and Internet Explorer 4 on the Mac, as far as I know. I believe there are a couple of other quirks with POST from the Flash client.

We are working on this.

Take care,

Antun

antun
07-22-2003, 02:52 PM
Originally posted by k-billy
Do you know for a fact if Laszlo truncates the query string?

No, the LPS does not truncate the query string.

-Antun