How to remove response headers when sending a json response in php?
I am making an ajax request to开发者_JAVA技巧 a php page e.g page1.php. In page1.php I have a header("Location:page2.php?password=1234")
code which redirects to page2.php with the password as a GET parameter. page2.php gives a json response.
The problem is that when I do inspect element and check the resources in Safari browser, I am able to see the location page2.php?password=1234" in the response header part.
This is a security issue. Please suggest how can I remove the response headers when sending the json response? I am using PHP 5.2.6.
Why just don't use SESSION for logged user? Or plain simple Cookie?
Rather than redirecting to the second page, you could query it from the first page, and display its output.
Assuming your setup supports it, the easiest way is probably to include the following in page1.php
:
readfile('http://yoursite.org/page2.php?password=1234');
as a poor man defense, you could use some kind of crypt functions (md5, sha1, crc32) to generate hash from password and transfer it instead of password. Though, it is better to redo whole system to avoid it.
This workaround does not answer your question, though.
精彩评论