views:

33

answers:

1

Sorry if the question is ambiguous, I wasn't sure how to word it succinctly.

Anyway, here's the deal. I am creating a browser extension with an upload manager for doing some processing of POST uploads.

So before I pass along the POST request I send an intermediate POST request to the same URL with some special headers which will return information about what I need to do to the original POST data before I send it. The headers are processed by an ISAPI filter and the intermediate request is never seen by the underlying web application. Then the browser extension will perform some processing on the original POST request and send it.

This all works fine. Except that it will only work when connected to a server that has my ISAPI filter installed, and the behavior is undefined on any other server that does not.

So I'm looking for some ideas to determine if a server supports the functionality by possibly adding something to the intermediate request that will trip a predictable error from the web server.

I have tried setting something in the "Expect" header of the request, but this does not seem reliable; a lot of web applications will just ignore this.

I have tried changing the "Accept" header to something strange, but it's ignored too.

One thing I've tried that seems to work is to use a special request method like MYPOST, which seems to result in a 403, 405 or 501 error on most of the servers that I've tried it with. But I have a feeling that this will cause problems with some proxies, and may just be interpreted as a GET on some servers. Not sure though.

Any other ideas?

+1  A: 

If your ISAPI DLL can be configured to be called for specific URLs, then that would give you a reliable 404 error on servers that do not have the DLL installed.

Remy Lebeau - TeamB
That's another option that I've been considering. Some server extensions will handle arbitrary URLs in ways other than generating 404s. However, it's something that at least shouldn't generate any side effects on an unsupported server, and I can just check the response header for our server signature if it doesn't generate a 404. So it may still be the best option.
Gerald