POST Request appears as GET request to Flask app

Hello, I am working on moving a python flask app across from render.com where it runs fine, but when deployed on railway there is an issue. From testing it seems as though separate functions related to the type of request at the same route are all being treated as GET requests. As an example: a POST at myurl/users and a GET at myurl/users are both being recieved as a GET at myurl/users. The same is true for a DELETE request. Does anyone know what could be causing this? thanks
Solution:
it's caused by trying to request with http, please make sure you are using https
Jump to solution
9 Replies
Percy
Percy16mo ago
Project ID: 7bf323ec-abda-4aaa-834b-3521cc4043f9
yolobrolo
yolobrolo16mo ago
7bf323ec-abda-4aaa-834b-3521cc4043f9
Solution
Brody
Brody16mo ago
it's caused by trying to request with http, please make sure you are using https
yolobrolo
yolobrolo16mo ago
The request is a https POST request gets redirected and swapped to a http POST request and then redirected and swapped to a https GET request. Not sure what is going on here?
yolobrolo
yolobrolo16mo ago
this is how I would expect it to look (how it was working previously on render).
yolobrolo
yolobrolo16mo ago
Just as additional information, POST requests to routes that accept only POST requests are working fine, this only seems to happen on routes which accept multiple request types i.e GET, POST, DELETE all at .../api/project
Brody
Brody16mo ago
this would be your app sending the additional redirect response to the same location with a trailing slash, except the redirect location your app sent used http. then that would be render not letting your app do something silly like sending a redirect to an http location this is a good example of how render holds their users hands and trys to prevent common mistakes, where railway runs your code as is
yolobrolo
yolobrolo16mo ago
ah I see, thank you for the explanation! I agree it's good that railway prioritises running code as is. Makes for easier debugging. I wouldn't have even noticed this possible vulnerability otherwise.
Brody
Brody16mo ago
I agree, heroku and render both do all sorts of stuff that would allow a lot of bad practices to slip by completing unnoticed
Want results from more Discord servers?
Add your server