A good way to redirect with a POST request?_问答_开发者

A good way to redirect with a POST request?

开发者 https://www.devze.com 2022-12-25 23:19 出处：网络

I need to redirect a user to an external site though a POST request. The only option I figured out is to do it submit a form 开发者_高级运维through JavaScript.

I need to redirect a user to an external site though a POST request.

The only option I figured out is to do it submit a form 开发者_高级运维through JavaScript.

Any ideas?

It's not quite clear what you mean, so let's take a few scenarios:

User should POST form to a server other than your own

Easy, just specify the target as the form action:
```
 <form action="http://someotherserver.com" method="post">
```
User should be redirected after a successful POST submit

Easy, accept and process the POST data as usual, then respond with a 302 or 303 redirect header.
User should POST data to your server and, after validation, you want to POST that data to another server

Slightly tricky, but three options:
- Your server accepts the POST data and while the user waits for a response, you establish a connection to another server, POSTing the data, receiving a response, then return an answer to the user.
- You answer with a 307 redirect, which means the user should attempt the same request at another address. Theoretically it means the browser should POST the same data to another server. I'm not quite sure how well supported this is, but any browser understanding HTTP1.1 should be able to do it. AFAIA it's not used that often in practice.
  PS: The specification says that a 307 POST redirect needs to be at least acknowledged by the user. Alas, apparently no browser is sticking to the spec here. IE simply repeats the request (so it works for your purposes), but Firefox, Safari and Opera seem to discard the POST data. Hence, this technique is unfortunately unreliable.
- Use technique #1 combined with hidden form fields, adding one step in between.

See here for a list of all HTTP redirection options: http://en.wikipedia.org/wiki/Http_status_codes#3xx_Redirection

Just set HTML form's action URL to the particular external site.

Here's an SSCCE, just copy'n'paste'n'run it:

<!doctype html>
<html lang="en">
    <head>
        <title>SO question 2604530</title>
    </head>
    <body>
        <form action="http://stackoverflow.com/questions/2604530/answer/submit" method="post">
            <textarea name="post-text"></textarea>
            <input type="submit" value="Post Your Answer">
        </form>
    </body>
</html>

You'll see that Stackoverflow has good CSRF protection ;)

Javascript is the only way (to do it automatically). You simply can't redirect a POST request via standard http methods. Are you sure that GET isn't an option here?

Using a form is probably your only option as links, HTTP redirects and <meta http-equiv="refresh" > will only cause the browser to load another URL using the GET method.

You don't necessarily have to use JavaScript to submit a form though. If some user interaction is acceptable you could use a form with some <input type="hidden"> fields and let the user press the submit button.

You may also want to ensure that the page you're redirecting to doesn't already accept GET parameters. Some scripts accept both GET and POST indiscriminately.