POST request being received as GET request on Heroku

Question

Why aren't the POST params that are being set by a html form on another domain being received by my PHP script being hosted by Heroku?

Context:

I've got a simple html form which is sending some user data to a PHP script I've put on Heroku. The form is on a different site/domain, but as I understand the Same Origin Policy shouldn't be breaking the request. In fact, I've tested sending the request from the form to my local machine and the script worked fine.

The request fires perfectly normally from the html form, but by the time it gets to my PHP script, the $_POST array is empty. After checking the Heroku logs, it actually looks like the POST request gets received as a GET by my script.

Is there simply a config/routing thing I haven't done (I'm new to Heroku)?

I took a look at a couple of other questions/answers like this one, but no solution has worked yet for me.

Many thanks in advance for help

UPDATE 1 (4/4/12)

It appears that the POST requests are being moved as CoR has described in his answer. I can't figure out how to stop this from happening though. From researching around, it appears that this moving of POST requests only happens if you're not making them via https.

For now I've submitted and changed the forms method to GET, which works fine. It would of course be nice to know if one can enable POST requests on their Heroku app without setting up SSL.

UPDATE 2 (6/4/12)

I've just opened a ticket with Heroku to find out whether the only way to support POST requests is if you enable SSL. I of course looked through their docs for an answer before asking it here, but nothing relating to POSTs being moved as CoR has answered is described. I will post (...) answer on here when they get back to me.

Answer 1

Okay! Finally got it! After one of the super awesome Heroku team getting back to me in like 10 mins, it turned out to be a silly error.

My form was sending it's request to http://MYAPP.heroku.com, whereas one's Heroku app is actually at http://MYAPP.herokuapp.com. That's all. So obviously my request was getting moved when it was sent to http://MYAPP.heroku.com.

What's more, when (correctly) using the herokuapp.comdomain, you can send requests over HTTPS, although sending POST requests over HTTP will work fine.

The SLL Add-On is only if you have a custom domain and would like to enable SSL for it.

Answer 2

It took me few days to chew url redirection to understandable definitions. Here they are:

301 –   Permanently moved:  breaks POST
302 –   Temporarily moved:  legacy, will change POST to GET
303 -   Temporarily moved: WILL change POST to GET
307 -   Temporarily moved: NOT change POST to GET

EDIT:

it appears that this moving of POST requests only happens if you're not making them via https.

Yes, I forgot that people are using redirections usually to unify trailing slash, www. AND enforce http or https protocol.
As you might have guesses 301 or 302 redirections can break POST. Fix it by using 307 or write to website admin and he may or may not 'fix it'.
It depends if it will break something else, or maybe that website want to force it users to always use https! In that case 301 is desirable solution because sending POST over unsecure http protocol is automatically discarded/transformed to GET request.
It doesn't matter if server is using https if for example first login data was send by http.

It would of course be nice to know if one can enable POST requests on their Heroku app without setting up SSL.

Although technically possible, it is valid server policy to disable POST over http and enforce it to use only https.