Home » Html » How do you force a web browser to use POST when getting a url?

How do you force a web browser to use POST when getting a url?

Posted by: admin November 30, 2017 Leave a comment

Questions:

How do you force a web browser to use POST when getting a url?

Answers:

Use an HTML form that specifies post as the method:

<form method="post" action="/my/url/">
    ...
    <input type="submit" name="submit" value="Submit using POST" />
</form>

If you had to make it happen as a link (not recommended), you could have an onclick handler dynamically build a form and submit it.

<script type="text/javascript">
function submitAsPost(url) {
    var postForm = document.createElement('form');
    postForm.action = url;
    postForm.method = 'post';
    var bodyTag = document.getElementsByTagName('body')[0];
    bodyTag.appendChild(postForm);
    postForm.submit();
}
</script>
<a href="/my/url" onclick="submitAsPost(this.href); return false;">this is my post link</a>

If you need to enforce this on the server side, you should check the HTTP method and if it’s not equal to POST, send an HTTP 405 response code (method not allowed) back to the browser and exit. Exactly how you implement that will depend on your programming language/framework, etc.

Questions:
Answers:
<form method="post">

If you’re GETting a URL, you’re GETting it, not POSTing it. You certainly can’t cause a browser to issue a POST request via its location bar.

Questions:
Answers:

I have a feeling from your question you were just hoping to send a post request in a browser’s address bar.

Just type the following into the address bar swapping the value for ‘action’ to the url that you like.

data:text/html,<body onload="document.body.firstChild.submit()"><form method="post" action="http://stackoverflow.com">

It’s invalid html, but the browser’s (at least all the ones i’ve tested it in so far) know what you mean, and I wanted to keep it as short as I could.

If you want to post values, append as many inputs as you like, swapping name and value in each input for whatever you like.

<input value="[email protected]" name="email">
<input value="passwordsavedinhistory" name="password">

It’s important to note that sensitive information you post will be visible in:

  • your history
  • your address bar
  • your browser’s autocomplete.
  • possibly other sites that you visit from the same tab
  • probably plenty of other things too

It’s a really bad way to send a post request, and all the other answers are far better, but it’s still cool that you can do it.

Questions:
Answers:

If you’re trying to test something, I’d suggest using Fiddler to craft your http requests. It will allow you to specify the action verb (GET, POST, PUT, DELETE, etc) as well as request contents. If you’re trying to test a very specific request from a link but with POST instead, then you can monitor the requests your browser is making and reissue it only with the modified POST action.

Questions:
Answers:

you can not force any web browser to send the url with POST header. But to test a POST request url , I can suggest “POSTER” extention of chrome and mozilla

Questions:
Answers:

The above submitAsPost() function is a good and elegant solution but it has a problem – if the URL is too long some browsers (including Firefox and IE) will return an error. Since many of us use POST in order to bypass this very limitation, I suggest this solution:

// submit a URL using post
function submitAsPost(url) {
    var bodyTag = document.getElementsByTagName('body')[0];
    var postForm = document.createElement('form');
    bodyTag.appendChild(postForm);
    postForm.method = 'POST';

    var serverAndParams = url.split("?");
    postForm.action = serverAndParams[0];
    var params = null;
    try
    {
      var paramsAndHash = serverAndParams[1].split("#");
      params = paramsAndHash[0]; 
      var attrList = params.split("&");
      for (var i = 0; i < attrList.length; i++)
      {
        try
        {
          var keyValue = attrList[i].split("=");
          var el = document.createElement('input');
          el.type="hidden";
          el.name=keyValue[0];
          var value = keyValue[1];
          value = value.replace(/\+/g, ' ');
          el.value=decodeURIComponent(value);
          postForm.appendChild(el);
        }
        catch(error){}
      } 
    }
    catch(error){}

    postForm.submit();
    bodyTag.removeChild(postForm);
}

Tested with Firefox, Chrome and IE.

Questions:
Answers:

You can use a tool to test. I’m always asking the same question as you. There is quite a few tools available online. Here is the tool that I use: http://www.hurl.it/

Questions:
Answers:

I know this question is old but someone may find this useful. You can use a command line tool like cURL (http://curl.haxx.se/) to post to a URL.

Example:

curl -v  --basic --user username:password --request POST "http://www.theurltopostto.com"

Questions:
Answers:

This is a little late in the game but I ran across this and found that HTML 5 made some changes. You can use the input tag to add formmethod (thus selecting post). This worked for me.

see : http://www.w3schools.com/tags/att_input_formmethod.asp

Questions:
Answers:

If you had the problem of doing:

request.open('POST',url,true);
request.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
request.send("data="+JSON.stringify(data));

and in dev tools you still se it is doing a GET then that means that your url is in the following format:

http://example.com/folder

Meaning it should be:

http://example.com/folder/

Its a very bizarre error maybe not related with your question but I ve had it a couple of times and it should be out there as it looks seriously dangerous. This happened to me when using an apache 2 server on Ubuntu 14.04, with not much configuration.