Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

BUG: IWebBrowser::Navigate May Incorrectly Send POST Request Instead of GET Request


View products that this article applies to.

This article was previously published under Q315762

↑ Back to the top


Symptoms

If you send a POST request that is followed by a GET request through the IWebBrowser::Navigate or the IWebBrowser2::Navigate2 method, the GET request becomes a POST request, and the POST data from the first request is posted. This may result in a security problem that posts sensitive data to another Web site.

↑ Back to the top


Cause

Internet Explorer reuses an internal data structure from the first request (POST). Subsequently, Internet Explorer does not properly use this internal data structure with the simple GET request.

↑ Back to the top


Resolution

To work around this problem, send a more complicated GET request that forces Internet Explorer to re-create the internal data structure. To do this, send a navNoReadFromCache flag in the request as follows:
// Use COM directly (instead of going through MFC or ATL).
VARIANTARG vWorkaround;
VariantInit(&vWorkaround);
vWorkaround.vt = VT_I4;
vWorkaround.lVal = navNoReadFromCache;
hr = browser->Navigate(L"http://www.microsoft.com", &vWorkaround, &vDummy, &vDummy, &vDummy);
				
NOTE: When you use this workaround, you may have to resynchronize with the server instead of pulling from the cache.

↑ Back to the top


Status

Microsoft has confirmed that this is a bug in the Microsoft products that are listed at the beginning of this article.

↑ Back to the top


More information

Steps to Reproduce Behavior

  1. Create an Active Template Library (ATL) project, and then add a Lite control.
  2. Add a WM_LBUTTONDOWN message handler in the Lite control.
  3. Include ExDisp.h and Shlguid.h at the top of the Lite control header file.
  4. Add the following code to the WM_LBUTTONDOWN handler:
    LRESULT OnLButtonDown(UINT uMsg, WPARAM wParam, LPARAM lParam, BOOL& bHandled)
    {
    	CComPtr<IWebBrowser2> browser;
    	CComPtr<IServiceProvider> isp;
    	HRESULT hr;
    
    	hr = m_spClientSite->QueryInterface(IID_IServiceProvider, reinterpret_cast<void **>(&isp));
    	hr = isp->QueryService(IID_IWebBrowserApp, IID_IWebBrowser2, reinterpret_cast<void **>(&browser));
    
    	CComVariant postData("userid=me;password=test");
    	char* postDataString = "userid=me;password=test";
    	int len = strlen(postDataString);
    	postData.vt = VT_ARRAY;
    	postData.parray = SafeArrayCreateVector(VT_UI1, 0, len);
    	void HUGEP* safeData;
    	hr = SafeArrayAccessData(postData.parray, &safeData);
    	memcpy(safeData, postDataString, len);
    	hr = SafeArrayUnaccessData(postData.parray);
    
    	CComVariant targetFrame(L"_blank");
    	CComVariant vNull;
    	CComVariant flags((int)navNoReadFromCache); // workaround
    
    	// Use a different window to navigate.
    	hr = browser->Navigate(L"http://www.yahoo.com", &vNull, &targetFrame, &postData, &vNull);
    
    	// Use the original window to navigate.
    	hr = browser->Navigate(L"http://www.yahoo.com", &vNull, &vNull, &vNull, &vNull);
    		
    	// Use the workaround to navigate.
    	//hr = browser->Navigate(L"http://www.yahoo.com", &flags, &vNull, &vNull, &vNull);
    
    	return 0;
    }
    					
  5. Build the control, and then capture network traffic by using a tool such as Network Monitor.
  6. The ATL Wizard creates the Hypertext Markup Language (HTML) file for you so that you can have a simple HTML test page. Copy this HTML file in the project to another computer that has Microsoft Internet Information Services (IIS) because Network Monitor cannot perform network traces on the same computer.
  7. On the development computer, open the HTML page that you copied to the remote computer in Internet Explorer. Start the network trace program on the computer where the project was compiled. Click the ATL component.
  8. Stop the network trace. In the network trace, notice that the request for www.yahoo.com is a POST request instead of a GET request. The POST data from the first POST request is sent as well. In addition, notice that both Internet Explorer windows display the Yahoo error message as a result of the POST requests. However, only one Internet Explorer window should display this error message.
The problem appears only from an ActiveX control that is hosted within Internet Explorer when you follow the steps in the "Steps to Reproduce Behavior" section. If you host Internet Explorer instead, the steps to reproduce this behavior vary. However, these steps still require a sequence of mixed GET and POST requests.

↑ Back to the top


References

For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
148942� How to Capture Network Traffic with Network Monitor

↑ Back to the top


Keywords: KB315762, kbpending, kbbug

↑ Back to the top

Article Info
Article ID : 315762
Revision : 2
Created on : 5/10/2003
Published on : 5/10/2003
Exists online : False
Views : 411