tags:

views:

153

answers:

1

I work for a large-ish advertising company. We've created a very lightweight clone of the PayPal IPN so we can offer CC Processing services for our top advertisers.

Like the PP IPN, it's a simple RESTful interface.

I deliberately instructed our admin guys to configure the vhost for this web app to only respond to requests on port 443.

This particular question is beyond my HTTP Protocol knowledge:

This may vary from browser to browser, but when a user submits a form, and the ACTION for that form is, say http://www.somesite.com, if the browser cannot resolve that site, does the post payload ever get sent over the wire?

I know this is a bit esoteric and it's more of an implementation question than something that exists in the HTTP RFC (as far as I could tell). Any takers?

+6  A: 

Before sending any data the browser needs to open a TCP connection to the target site. Since this connection to the target site cannot be opened in the first place, no data can be sent.

Update (Thanks for the hint in the comments): Use HTTP-Requests like POST to avoid sending data over the wire which could be intercepted by proxies before the existence of the target could be checked. With proxies the TCP-connection is always established successfully and the HTTP-request-header is sent to it. The POST-request contains the additional data in his request-body which should be sent only if the request header returns no error. Nevertheless, the implementation of proxies differ and I cannot guarantee that there is no proxy which returns an error if the target-site is non-existing. But in such a case I don't know any way where you could avoid sending the complete data over the wire...

Kosi2801
What about proxies? The client will have no problem connecting in that case.
innaM
True. But when proxying HTTP-posts the proxy would have to cache all the post-data (which can reach several MBs) before it passes it on to the non-existing target. As this would be very inefficient I doubt that it works that way. Haven't found a documentation on how it works in detail tough...
Kosi2801
The HTTP-request is split in header and body. The header is send first, when no error returns (ie. the proxy couldn't connect the target), the body is send afterwards. POST-requests hold the data in the request-body so use these to avoid sending data over the line to non-existing servers.
Kosi2801
Thanks for clearing this up.
innaM
Kos: It's been a while, but I wanted to thank you for your help with this. It settled an internal debate between myself and our release manager :) At the end of the day, it's our customers job to implement our API correctly, I just believe in setting people up for success.
Encoderer