tags:

views:

2528

answers:

2
+3  Q: 

External django redirect with POST parameters

I'm trying to create a redirect in a Django view to an external url with some get parameters attached to the request. After doing some looking around and some trying around, it seems I have hit a road block.

So my view looks something like this

def view(request):
    data = get.data(request)
    if something in data:
        return HttpResponseRedirect('example.com')

This is as far as I was able to get. I know that you in the request url can specify some get parameters like this:

...
return HttpResponseRedirect('example.com?name=smith&color=brown')

However since some of the data is sensitive, I don't want it to end up in the url. Since it's an external url I can't use the redirect() shortcut that accepts views parameters. So pray tell, how does one accomplish such a task?

Edit

After having done some more looking around, and have chatted a bit in IRC, it seems that what I should do, to keep the get parameter away from users, containing payment info, is to send them as post instead. I was told that you should be able to do it by using some JS as well, possibly jQuery. The question still remains though a bit more complicated now. How would one go about creating post redirect in django with the help of javascript?

2nd Edit

Seems like I have been misinformed. Thanx for clearing that up with the redirect protocols DR. Looks like I have been going down the wrong path in my attempt of using redirect to solve this problem.

+2  A: 

GET parameters always go in the URL, that's what makes them GET parameters.

It is not possible to redirect using POST parameters (which don't go in the URL) - this is a restriction of HTTP, not Django.

Daniel Roseman  2009-08-28 09:37:27
Does that mean it's not possible to redirect to a payment site/window, without the user being able to see all the data being sent along?
googletorp  2009-08-28 10:08:16
+3  A: 

I suggest the following approach. In your Django view/template return form to the browser with all the parameters that you want to post as hidden form elements. As soon as the form loads the JavaScript will submit (POST) form to where ever you want.

View:

from django.shortcuts import render_to_response

def view(request):
    return render_to_response('test.html', { 'foo': 123, 'bar': 456 })

Template:

<html>
<head>
    <title>test</title>
     <script type="text/javascript">
     function load()
     {
          window.document.test.submit();
          return;
     }
     </script>
</head>
<body onload="load()">
<form name="test" method="post" action="http://www.example.com"&gt;
    <input type="hidden" name="foo" value={{ foo }} />
    <input type="hidden" name="bar" value={{ bar }} />
</form>
</body>
</html>
 2009-08-28 13:53:47
That's a clever way to avoid the redirect. However, this is javascript dependent so would need to make a graceful degradation also. I wonder how smooth this will be in practice though, having to load the page before being able to do the js post.
googletorp  2009-08-28 15:02:41
Yes this solution depends on JavaScript being enabled in the browser, but it doesn't mean that you need to do it right on this page. You should check for JavaScript before you even get to your view. So that if it is not enabled then user would not even get this far. As for the loading of the page, it would depend on how quick your view returns, and how big is the result HTML. If you only have a couple fields the rendering of the page I am guessing would be in sub-second time. The redirection itself is quick too, so the user experience with this solution is very similar to a normal redirect.
 2009-08-28 19:06:34

related questions

Django: Print url of view without hardcoding the url
Django Calendar Widget?
Can the HTTP version or headers affect the visual appearance of a web page?
Project design / FS layout for large django projects
Extending the User model with custom fields in Django
How to generate urls in django
Always including the user in the django template context
Screencasts for Django/Python?
Using Django time/date widgets in custom form
How do I add data to an existing model in Django?
Setup django with WSGI and apache
Altering database tables in Django
Django Templates and variable attributes.
Django ImageField core=False in newforms admin
How can I render a tree structure (recursive) using a django template?
Cleanest & Fastest server setup for Django
Unicode vs UTF-8 confusion in Python / Django?
Does Hostmonster support Django
Specifying a mySQL ENUM in a Django model
Represent Ordering in a Relational Database
updating an auto_now DateTimeField in a parent model w/ Django
Version track, automate DB schema changes with django
Learning Ruby on Rails any good for Grails?
What Hosting Service is best for Django applications?
Class views in Django