Symfony2 and cross site POST request => empty data

1
votes

I'm trying to send a XML string to a controller using winhttp.winhttprequest.5.1 from a remote server via POST. Doing so on my dev machine runs perfectly fine (hosting client and server on the same machine, same IP). Nevertheless, when my application is deployed on the production server, the POST array is empty.

I think it might be due to CSRF protection, but even if I disable it in config.yml, my controller still get empty data. So, I'm quite stuck right here, would appreciate any help.

Sending data using winhttp.winhttprequest.5.1

loObj.Open("POST", url, .F.)
loObj.SetRequestHeader("Content-Type", "application/x-www-form-urlencoded")
loObj.Send("lcFile=" + parsedContent)

Symfony2 Controller :

public function getStockFromLogisticsXMLStringAction(Request $request)
{
    $request = $this->get('request');

    $xml = "";
    $output = $this->get('webservice.response');

    if ($request->getMethod() == 'POST') 
        $xml = $request->request->get('lcFile');
...
}

Request dump :

  • Dev machine : [request] => Symfony\Component\HttpFoundation\ParameterBag Object (
    [parameters:protected] => Array (
    [lcFile] => A1005LNBsLNBs5false2013-05-30T12:06:52201 blablabla

  • Prod machine : [request] => Symfony\Component\HttpFoundation\ParameterBag Object (
    [parameters:protected] => Array ( ) )
    [query] => Symfony\Component\HttpFoundation\ParameterBag Object (
    [parameters:protected] => Array

Both environment are running Apache with PHP 5.4.

The fact I'm suspecting some CSRF protection issue is that if I send the exact same XML string to a pure PHP script on the production server dumping the POST data into a file, it works. If I send those datas to a Symfony controller, the request is empty...

Thank you.

1
phpsymfonypost
Do you get a 200 HTTP response code or are there any general errors (e.g. routing...)sebbo
It is a 200 HTTP response. Not any errpr of any type. It really just is an empty POST array...David B.
How did you check that the request body is empty? var_dump?sebbo
$xml is checked after $request->request->get(). For purpose test, var_dump indeed.David B.
Could you try to var_dump the $request->request object. Just to check if there is no request body at all.sebbo

1 Answers

2
votes

Using OVH as a production server, it set a http firewall unabling to send POST data to controllers (.ovhconfig on root directory). Removing or setting it right allowed me to send those data.

 http.firewall=none

Thanks for helping anyway.