I have a Django (python) website that's working fine using Passenger. All good!
Except for one very strange thing - if I have a form with a textarea and I submit text like this:
then I get a 403 Forbidden error. To generate the error:
I'm very puzzled! It means I can't input any lines in any textarea that starts with an HTTP method name. Bizarre.
I feel this must be something that Passenger is catching something it thinks is problematic but I've no idea how to stop it.
Except for one very strange thing - if I have a form with a textarea and I submit text like this:
Code:
test
get test
- The form can use GET or POST method
- The word "get" must start a new line, but not the first one
- The word "get" must be followed by a space (and optionally more text)
- The word "get" can be replaced by any other HTTP method name, in any case ("POST", "Put", etc)
- The form can just be a GET form to its own URL, on a static page, so it's not being processed by Django
- In fact I don't even need the form itself - I can append this query string to any URL to generate the error:
?test=foo%0D%0Aget+foo
I'm very puzzled! It means I can't input any lines in any textarea that starts with an HTTP method name. Bizarre.
I feel this must be something that Passenger is catching something it thinks is problematic but I've no idea how to stop it.