Forced HTTPS Causes request to change from POST to GET

E T asked:

I recently implemented the following virtual host settings in my apache2.conf file:

   # force HTTPS
    RewriteCond %{HTTP:X-Forwarded-Proto} !https
    RewriteCond %{REQUEST_URI} !^/path1.html
    RewriteCond %{REQUEST_URI} !^/path2.html
    #RewriteCond %{REQUEST_URI} ^/path3.html
    #RewriteCond ${REQUEST_URI} !^/index.html
    RewriteRule . https://%{SERVER_NAME}%{REQUEST_URI} [L,R=301]

One of the services that I’m integrating with communicates with my service using HTTP POST. However, they noticed that since implementing this config and making a call to http://, when my server forces the call to be made over https, the request type is changed from POST to GET and the POST messages are dropped. I was wondering if there was a way to update this code to force the original POST/GET method to be kept intact.

My answer:

The calling service is broken, but there’s not much you can do about it unless you can fix the caller. From RFC 2616:

Note: When automatically redirecting a POST request after receiving a 301 status code, some existing HTTP/1.0 user agents will erroneously change it into a GET request.

Your options are:

  • Fix the calling service so that it follows redirects properly.
  • Have the calling service use the https URL.
  • Don’t redirect http to https for this service.

View the full question and any other answers on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.