Hi folks,
I need to redirect a user to an external site though a POST request.
The only option I figured out is to do it submit a form through JavaScript.
Any ideas?
+1
A:
Using a form is probably your only option as links, HTTP redirects and <meta http-equiv="refresh" > will only cause the browser to load another URL using the GET method.
You don't necessarily have to use Javascript to submit a form though. If some user interaction is acceptable you could use a form with some <input type="hidden"> fields and let the user press the submit button.
You may also want to ensure that the page you're redirecting to doesn't already accept GET parameters. Some scripts accept both GET and POST indiscriminately.
Alexandre Jasmin
2010-04-09 01:24:57
+1
A:
Javascript is the only way (to do it automatically). You simply can't redirect a POST request via standard http methods. Are you sure that GET isn't an option here?
WoLpH
2010-04-09 01:25:23
not sure, but I guess it is worth a try!
RadiantHex
2010-04-09 01:33:07
+1
A:
Just set HTML form's action URL to the particular external site.
Here's an SSCCE, just copy'n'paste'n'run it:
<!doctype html>
<html lang="en">
<head>
<title>SO question 2604530</title>
</head>
<body>
<form action="http://stackoverflow.com/questions/2604530/answer/submit" method="post">
<textarea name="post-text"></textarea>
<input type="submit" value="Post Your Answer">
</form>
</body>
</html>
You'll see that Stackoverflow has good CSRF protection ;)
BalusC
2010-04-09 02:30:54
+4
A:
It's not quite clear what you mean, so let's take a few scenarios:
User should POST form to a server other than your own
Easy, just specify the target as the form action:
<form action="http://someotherserver.com" method="post">User should be redirected after a successful POST submit
Easy, accept and process the POST data as usual, then respond with a
302or303redirect header.User should POST data to your server and, after validation, you want to POST that data to another server
Slightly tricky, but three options:
- Your server accepts the POST data and while the user waits for a response, you establish a connection to another server, POSTing the data, receiving a response, then return an answer to the user.
- You answer with a
307redirect, which means the user should attempt the same request at another address. Theoretically it means the browser should POST the same data to another server. I'm not quite sure how well supported this is, but any browser understanding HTTP1.1 should be able to do it. AFAIA it's not used that often in practice.
PS: The specification says that a 307 POST redirect needs to be at least acknowledged by the user. Alas, apparently no browser is sticking to the spec here. IE simply repeats the request (so it works for your purposes), but Firefox, Safari and Opera seem to discard the POST data. Hence, this technique is unfortunately unreliable. - Use technique #1 combined with hidden form fields, adding one step in between.
See here for a list of all HTTP redirection options: http://en.wikipedia.org/wiki/Http_status_codes#3xx_Redirection
deceze
2010-04-09 03:09:57
+1 For mentioning that the POST can be done server-side and researching `307` redirects
Alexandre Jasmin
2010-04-09 03:41:12