From what I can tell the MapBuilder people have gotten around this by:
1. not using SLD POST (As far as I can tell, geoserver is
the only WMS server to support it)
2. using a WFS proxy to so the XMLHttpRequest doesn't have
security issues.
Correct, I've successfully done WFS GetFeature operations by POST where the
message body is the XML for the request, using the Mapbuilder proxy script
to get past the security issues. We don't support SLD post yet.
I've also noticed a few other issues;
1. POST isn't POST.
When you do <form action=POST...><input type=hidden
name=XML> in HTML, you'll get a request that has something
like this in the body:XML=<url encoded version of your XML>
(you can also use encType="multipart/form-data" for form
data, which has a nicer encoding)Unfortunately, the WFS POST systems expect a more
SOAP-like encoding.
The body is just "plaintext" XML.
I ran into this same problem doing a client for the OGC Web Processing
Service IE, where I thought that the "query string as post body" method
should not be allowed. However the consensus was that if the mime/type was
set to "multipart/form-data" then the service would interpret the body as a
query string, otherwise the body is text/xml XML document.
These 2 ways arent compatible.
SOLUTION: make all the Geoserver POST handlers handle all
the different encodings. At the very least, make the WMS
POST handler work with the SOAP-like encoding and the <form
action=POST> encoding.2. Handling WMS SLD-POST via a GET.
Gabriel had a suggestion very much like this (its also how
the original Mapserver non-WMS interface works). There's two major
possibilities:a) instead of sending a request to the wms "getmap"
service, send the exact same request to another servlet. It
takes your GetMap POST XML and converts it into a HTTP GET
request and saves the SLD locally. It responds with an
address with a "&SLD=<local temp file>". The client can then
use this address to grab the image.** If you just return the URL query string, you can have
this proxy and the .html file on the same server, getting you
around security issues. The web browser can then just
appends the query string onto the WMS server address and make
the request. This seems to be the most "compatible" method,
but there's a lot of round-trips!** The complexity of this can be all hidden away in a
single JavaScript function.** This would be like a temporary "PutStyle" request
b) send the POST normally, but ask for the output format
to be "indirect/png" or "indirect/jpg". The server renders
the image normally, and saves the resulting image on the
server. It returns a simple address where you can use HTTP
GET to retrieve the result.** The complexity of this can be all hidden away in a
single JavaScript function.
Method b) seems to be closest to the spec to me and would be much easier to
handle from the client side.
Mike Adair