Senthil,

That is a good point about the potential for security issues.  What if it was an explicit option in HTTPRedirectHandler since there is a possibility of value in being able to do it.  I know my case is probably unusual, but I imagine that others might have run into this too.  Something roughly along this line is what I'm thinking:

----------------
class HTTPRedirectHandler(BaseHandler):
    redirect_post_data = False
    ...
    ...
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        ...
        ...
        data = None
        if req.has_data() and self.redirect_post_data:
            data = req.get_data()
        return Request(newurl,
                       data=data,
                       headers=newheaders,
                       origin_req_host=req.get_origin_req_host(),
                       unverifiable=True)
----------------
That would leave the current default behavior as-is, but leave the option to explicitly override it by the user, perhaps with a BIG DISCLAIMER comment about security.