When does a site send back 200 OK to referrer?

I'm trying to understand a concept of HTTP response codes but having some confusion.

I have a site that takes payments from a payment gateway. The customer is redirected to the gateway site and then after payment the gateway redirects back to my site's callback function.

This all works fine, however, the problem is that my site's callback function takes the response code and redirects it to a success or fail page.

The payment gateway gets passed back the the开发者_Python百科 "302" redirect header occurring from this and considers that a security risk, even though it is an internal redirect with no data being passed over (since 302 doesn't keep POST/GET vars anyway). So it cancels the payment.

But really, when the gateway hits my callback function, shouldn't that send back a 200 since it was found and I would think that would be sent back to the gateway and satisfy them. From that point on, whatever happens internally should be none of their concern or knowledge. But it seems 200 doesn't get sent until the final landing page is reached and page execution stops.

The only work around I found to "fool" the gateway is to use a javascript redirect or meta redirect as it doesn't pass back the redirect header code. But is there a better way or something I should be doing differently?

---

Simple answer: Do not redirect the payment gateways return path. You need to handle your success/fail logic differently and transparently to the payment processor.