I tried this…it sounded like just the thing Trump’s cronies would do, drop all the survey data just to get angry folks at their computers to give him money. So, I tried it (with dummy data, of course).

I got something a little different.

The POST request of the survey data did not fail — but instead of a 200 OK, it was a 302 FOUND, with a redirect to the donation page:

Then, in response to the redirect, there was a GET request to the donation site, which succeeded, and has the name, ZIP, and email information in the query string parameters.

Of course, there is no notice to the user that the redirect is going on, no chance to confirm or revise the survey data before the redirect. That fails to comply with RFC2616, which states:

“ If the 302 status code is received in response to a request other
than GET or HEAD, the user agent MUST NOT automatically redirect the
request unless it can be confirmed by the user, since this might
change the conditions under which the request was issued.”

Of course, RFCs are not quite the most important rules Donald Trump and his cronies have been breaking of late, though it seems oddly fitting that he’d be violating a part of an RFC designed to ensure that users know what they’re getting into when submitting data via a web form.