Ignoring the response-body


#1

Hi, cloudflare team.

Why your service is ignoring response body? How I must add response body and redirect to HTTPS method.

I am using by second web-site: MY_SITE.

This is my log.
curl -X POST -d “name=Aibek” -H “Content-Type: application/x-www-form-urlencoded” -L http://MY_SITE/?name=Daniyar -vvv

Note: Unnecessary use of -X or --request, POST is already inferred.

  • Trying 104.18.56.79…
  • TCP_NODELAY set
  • Connected to MY_SITE (104.18.56.79) port 80 (#0)

POST /?name=Daniyar HTTP/1.1
Host: MY_SITE
User-Agent: curl/7.61.0
Accept: /
Content-Type: application/x-www-form-urlencoded
Content-Length: 10

  • upload completely sent off: 10 out of 10 bytes
    < HTTP/1.1 301 Moved Permanently
    < Date: Mon, 04 Feb 2019 10:17:31 GMT
    < Content-Type: text/html; charset=iso-8859-1
    < Transfer-Encoding: chunked
    < Connection: keep-alive
    < Set-Cookie: __cfduid=d9db99e6dc47c7ef3e220ea73ab41a39e1549275451; expires=Tue, 04-Feb-20 10:17:31 GMT; path=/; domain=.MY_SITE; HttpOnly
    < Location: MY_SITE/?name=Daniyar
    < Server: cloudflare
    < CF-RAY: 4a3c6355375cc297-FRA
    <
  • Ignoring the response-body
  • Connection #0 to host MY_SITE left intact
  • Issue another request to this URL: ‘https://MY_SITE/?name=Daniyar’
  • Switch from POST to GET
  • Trying 104.18.57.79…
  • TCP_NODELAY set
  • Connected to MY_SITE (104.18.57.79) port 443 (#1)
  • ALPN, offering h2
  • ALPN, offering http/1.1
  • successfully set certificate verify locations:
  • CAfile: none
    CApath: /etc/ssl/certs
  • TLSv1.3 (OUT), TLS handshake, Client hello (1):
  • TLSv1.3 (IN), TLS handshake, Server hello (2):
  • TLSv1.3 (IN), TLS handshake, [no content] (0):
  • TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
  • TLSv1.3 (IN), TLS handshake, Certificate (11):
  • TLSv1.3 (IN), TLS handshake, CERT verify (15):
  • TLSv1.3 (IN), TLS handshake, Finished (20):
  • TLSv1.3 (OUT), TLS change cipher, Client hello (1):
  • TLSv1.3 (OUT), TLS handshake, [no content] (0):
  • TLSv1.3 (OUT), TLS handshake, Finished (20):
  • SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
  • ALPN, server accepted to use h2
  • Server certificate:
  • subject: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=sni.cloudflaressl.com
  • start date: Feb 2 00:00:00 2019 GMT
  • expire date: Feb 2 12:00:00 2020 GMT
  • subjectAltName: host “MY_SITE” matched cert’s “*.my_Site”
  • issuer: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=CloudFlare Inc ECC CA-2
  • SSL certificate verify ok.
  • Using HTTP2, server supports multi-use
  • Connection state changed (HTTP/2 confirmed)
  • Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
  • TLSv1.3 (OUT), TLS app data, [no content] (0):
  • TLSv1.3 (OUT), TLS app data, [no content] (0):
  • TLSv1.3 (OUT), TLS app data, [no content] (0):
  • Using Stream ID: 1 (easy handle 0x56455f16fd00)
  • TLSv1.3 (OUT), TLS app data, [no content] (0):

POST /?name=Daniyar HTTP/2
Host: MY_SITE
User-Agent: curl/7.61.0
Accept: /
Content-Type: application/x-www-form-urlencoded

  • TLSv1.3 (IN), TLS handshake, [no content] (0):
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
  • TLSv1.3 (IN), TLS app data, [no content] (0):
  • Connection state changed (MAX_CONCURRENT_STREAMS == 256)!
  • TLSv1.3 (OUT), TLS app data, [no content] (0):
  • TLSv1.3 (IN), TLS app data, [no content] (0):
  • TLSv1.3 (IN), TLS app data, [no content] (0):
    < HTTP/2 200
    < date: Mon, 04 Feb 2019 10:17:32 GMT
    < content-type: text/html; charset=UTF-8
    < set-cookie: __cfduid=d292d50005d5274f64bd5472c972033841549275452; expires=Tue, 04-Feb-20 10:17:32 GMT; path=/; domain=.my_Site; HttpOnly
    < expect-ct: max-age=604800, report-uri=“https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
    < server: cloudflare
    < cf-ray: 4a3c6358be3e64e1-FRA
    <
    Array
    (
    )
    Array
    (
    [name] => Daniyar
    )
  • TLSv1.3 (IN), TLS app data, [no content] (0):
  • Connection #1 to host MY_SITE left intact

#2

can you try with https instead of HTTP here?


#3

When submitting a POST request bad things could happen if a POST was submitted again after following a 301. If the origin isn’t set to accept post requests on http you should not submit post requests on http. No browser is going to follow a 301 and resubmit either.