开发者

redirect with special POST headers

问答 作者:

In my system, a user will enter data into a form, and it will be processed by a PHP script.

This php script will manipulate this data around, and then needs to redirect the user to an https page, but also send along its own POST parameters.

So, for example, if 

send-me.php?name=chuck+norris
is called, the user should be redirected to 
https://secret.hideout.com/
where a POST parameters are 
is_chuck="1"
be_polite="definitely"
开发者_运维百科run_away="what's the point?"

Is this possible? How?

Thanks

If you don't control the target site, the only way I can see to do this is having a second <form> on the PHP page with the https:// URL as the target, and the values as hidden fields.

However, this way, the values remain manipulable by the user after your PHP script has changed them.

Alternatively, depending on the nature of what you need to do, consider manipulating the values on client side using JavaScript before the form gets posted.

You cannot redirect to a URL with POST parameters.

You can redirect to a URL with GET parameters (appended to the end of the URL):

https://secret.hideout.com/?is_chuck=1&be_polite=definitely&run_away=now

You can use CURL to call a URL with POST parameters, but you can't redirect to it.

I think the best approach is to create a form and call the submit from javascript.

in the send-me.php after you parse the data you need, you display this html:

<form name="send" action="https://secret.hideout.com/" method="post">
<input type="hidden" name="is_chuck" value="1" />
...
</form>
<script type="text/javascript">
document.forms.send.submit();
</script>

however this has cons:

  • the https://secret.hideout.com/ will know by the Referer header that you sent the client and from, to his page.
  • the client can tamper the post data to know what has being posted.

in the other way you can make the post server side, but the client will not have a proper navegation because cookies and etc.

needs to redirect the user to an https page, but also send along its own POST parameters.

That's just impossible. POST is a request header, not response.

So, do not interfere between a user and whatever service.
There are ALWAYS a legal way to get transaction result. Use it.

继续阅读:http-headershttpsphpredirect

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9