Priority: Normal
Current State: Closed
Released In: n/a
Target Release: n/a
Applies To: Extension
Component: FormPlugin
Branches:
I have a form which, upon submission, should redirect the user to their newly created topic. Most browsers handle this without any issues, except Firefox (tested on 3.5+). Firefox prompts the user with a warning dialog: "This web page is being redirected to a new location. Would you like to resend the form data you have typed to the new location?" If a user clicks "OK" here, the form submits and redirects without any issues. Unfortunately, many of my users are confused by this message and end up clicking "Cancel" which abandons their form entry and dumps it in my apache log and in plain text in their browser. To a user, this looks like an application error so they call someone for help. By this time the user has typically logged out and they end up having to fill out the form again from scratch later on (it's a fairly long form), which becomes frustrating to everyone involved.
It looks like
FormPlugin sends the browser a status 307 on submit to handle the redirect. According to W3 specs (
http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html), Firefox is actually correct in prompting the user about this redirect. Unfortunately, none of the other popular browsers seem to behave this way.
A complete solution for
FormPlugin submission/redirection that doesn't trigger any browser to prompt the user with one of these security-related dialog boxes would really improve usability.
Here's a stripped-down version of a form which exhibits the issue:
---+!! MyForm
%STARTFORM{
name="newmyform"
action="%SCRIPTURL{save}%/%BASEWEB%/MyFormAUTOINC000000"
method="POST"
elementformat="<tr><td><strong>$t:</strong></td><td>$e $m</td></tr>"
}%
<table>
<tr><th><h4>Personal Information</h4></th></tr>
%FORMELEMENT{
name="FirstName"
type="text"
title="First Name"
hint="Your first name."
mandatory="on"
validate="string"
size="45"
}%
%FORMELEMENT{
name="LastName"
type="text"
title="Last Name"
hint="Your last name."
mandatory="on"
validate="string"
size="45"
}%
%FORMELEMENT{
name="action"
type="hidden"
value="form"
}%
%FORMELEMENT{
name="formtemplate"
type="hidden"
value="%BASEWEB%.MyForm"
}%
%FORMELEMENT{
name="onlynewtopic"
type="hidden"
value="on"
}%
%FORMELEMENT{
format="<tr><td> </td><td></td></tr><tr><td>$e</td><td></td></tr>"
type="submit"
buttonlabel="Submit application!"
}%
</table>
%ENDFORM%
--
NickLegg - 07 Dec 2010
The code relies on status code
307
, but FF seems to be the only browser that has implemented
the specification correctly. That is: prompt the user.
Other codes do not work.
Possible solution is not easy, see
Response.Redirect with POST instead of Get? (thanks Nick for the pointer).
--
ArthurClemens - 08 Dec 2010
As currently implemented, this is a usability killer for
FormPlugin. Could we perhaps have an "off" option for
noredirect
attribute?
--
LynnwoodBrown - 09 Feb 2011
I am currently working on a total rewrite of the plugin. But this Firefox "feature" cannot be fixed, because I cannot just to a
Foswiki::Func::redirectCgiQuery
and bypass the login screen with post data intact.
In any case this will become the non-javascript fallback, because I am integrating jquery's validation plugin.
--
ArthurClemens - 09 Feb 2011
In my forms, I set "validate='off'" and use the jQuery Validate plugin. So your new plan seems like a reasonable solution. It will be nicer (cleaner) to have it integrated in
FormPlugin.
--
NickLegg - 10 Feb 2011
Fixed in FormPlugin 2.0.
--
ArthurClemens - 30 Apr 2011