BUG: IWebBrowser::Navigate May Incorrectly Send POST Request Instead of GET Request (315762)
The information in this article applies to:
- Microsoft Internet Explorer (Programming) 5.5 SP2
- Microsoft Internet Explorer (Programming) 6.0
This article was previously published under Q315762 SYMPTOMS
If you send a POST request that is followed by a GET request through the IWebBrowser::Navigate or the IWebBrowser2::Navigate2 method, the GET request becomes a POST request, and the POST data from the first request is posted. This may result in a security problem that posts sensitive data to another Web site.
CAUSE
Internet Explorer reuses an internal data structure from the first request (POST). Subsequently, Internet Explorer does not properly use this internal data structure with the simple GET request.
RESOLUTION
To work around this problem, send a more complicated GET request that forces Internet Explorer to re-create the internal data structure. To do this, send a navNoReadFromCache flag in the request as follows:
// Use COM directly (instead of going through MFC or ATL).
VARIANTARG vWorkaround;
VariantInit(&vWorkaround);
vWorkaround.vt = VT_I4;
vWorkaround.lVal = navNoReadFromCache;
hr = browser->Navigate(L"http://www.microsoft.com", &vWorkaround, &vDummy, &vDummy, &vDummy);
NOTE: When you use this workaround, you may have to resynchronize with the server instead of pulling from the cache.
STATUSMicrosoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article. REFERENCESFor additional information, click the article number below
to view the article in the Microsoft Knowledge Base:
148942 How to Capture Network Traffic with Network Monitor
Modification Type: | Major | Last Reviewed: | 5/10/2003 |
---|
Keywords: | kbbug kbpending KB315762 |
---|
|