Home Redirect to URI sends back the POSTed params added in browser's URL bar
Reply: 0

Redirect to URI sends back the POSTed params added in browser's URL bar

user1725
1#
user1725 Published in April 26, 2018, 1:46 pm

Grails Version: 3.3.4, Groovy Version: 2.4.14, JVM Version: 1.8.0_161, Kubuntu 14.04

I wrote a simple authentication form (in the end it will be POSTed through https):

<form action='auth' method='POST' id='loginForm' class='cssform' autocomplete='off'>
<p>
    <label for='j_username'>Login ID</label>
    <input type='text' class='text_' name='j_username' id='j_username' />
</p>
<p>
    <label for='j_password'>Password</label>
    <input type='password' class='text_' name='j_password' id='j_password' />
</p>
<p>
    <input type='submit' value='Login' />
</p>

The controller is:

class LoginController {

def index()  {
    if (session.user?.name == 'test') {
        render view: '/login/youarealreadyin'
    }
    else {
        render view: '/login/auth'
    }
}

def auth() {
    def loginName = params.j_username?.trim()
    def pass = params.j_password?.trim()

    if (loginName == 'test' && pass == 'TEST' ) {
        session.user = [name: loginName]
        redirect uri: '/'
    }
    else {
        render view: '/login/denied'
    }
}

}

After correct login and redirect to uri: '/' - I see the name and password in the URL field of the browser:

http://localhost:8080/?j_username=test&j_password=TEST

I could swear that this didn't happen with grails 3 in the first versions... I cannot remember when...

It would be nice, not to send back the POSTed password as GET params in the URL.

If I render a specific view instead to redirect it doesn't happen.

You need to login account before you can post.

About| Privacy statement| Terms of Service| Advertising| Contact us| Help| Sitemap|
Processed in 0.483221 second(s) , Gzip On .

© 2016 Powered by mzan.com design MATCHINFO