Proxy converts HTTP POST to GET when the HUD is enabled #1192
Description
Describe the bug
If ZAP is used to proxy requests from another application to a web server, and the ZAP HUD is enabled, then when the application issues an HTTP POST request, it is forwarded to the web server as a GET request. Note that this does not affect HTTPS requests.
Steps to reproduce the behavior
Save the attachment as "post.html".
Open it in a web browser (I used Firefox 109.0.1).
Set the browser's proxy to the ZAP proxy at localhost:8080.
Use the ZAP toolbar button to enable the HUD.
Press the "post" button on the form.
The ZAP HTML history windows shows a new HTTP GET request to http://httpbin.org/post.
The browser displays "405 Method Not Allowed".
Expected behavior
ZAP should show a POST request to "http://httpbin.org/post" and the web browser should show the header and contents of the POST request. This behavior is observed when the ZAP HUD is disabled.
Software versions
Version: 2.12.0
Screenshots
No response
Errors from the zap.log file
No response
Additional context
No response
Would you like to help fix this issue?
- Yes
post.html.txt