http://www.perlmonks.org?node_id=996125


in reply to Re^4: I am having problems with both redirection and detecting redirection
in thread I am having problems with both redirection and detecting redirection

However, why don't I just use the following:

I don't know, doesn't make sense to me -- you're not a proxy, so why act like a proxy -- either you're making requests on behalf of a user or the user is making the requests -- redirecting a user to some other site based on a request you generated to that other site, smells like CSRF

Is there any reason to expect that to break?

Sure, if the other site changes, say to ban your client (for TOS) or prevent CSRF :)

But I'm not really sure what you're doing :)

Re^6: I am having problems with both redirection and detecting redirection
by ted.byers (Monk) on Sep 28, 2012 at 14:23 UTC

    Actually, the only reason I am investigating this is that the other site requires me to do this. That is, the web service I am using may or may not redirect me to another of their services based on the data I submit to them, which is data I receive in a request made by my client. I would be much, MUCH happier if it wasn't necessary. The service involved deals with transaction processing. When my client is dealing with those of their customers that do not have extra security features, then I can process as I always do. I cannot know, beforehand, whether or not a given request will be redirected since neither my client nor I can know whether or not their customer has an account with these extra security features. That is something the service I am using can determine only after I submit the raw data to them. But, if the customer has an account with extra security, fraud prevention features, then the service I use requires me to redirect them to another of their services (using the redirection data they send back to me - which is different with every request), so the customer can enter data that is known only to them, and then the service I am using sends the result (which I would have otherwise processed normally), to a callback CGI script, so I can store the result and provide my clients with accounting, activity and risk management reports. This is something new that the service I am using hit me with only a few days ago. Thus, the other site's TOS actually requires me to do this, adaptively, based on what response they decide to send back to me.
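
The flow described in this reply, sketched as an added example that is not code from the thread or from any poster: decide whether the service answered directly or asked for the customer to be redirected, and check the redirect target before passing it on to the customer's browser. The host name `secure.gateway.example`, the function name `customer_redirect_target`, and the assumption that the service signals the redirect with a 3xx status and a `Location` header are all hypothetical; the sample responses are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use HTTP::Response;    # part of HTTP-Message, installed alongside LWP
use URI;

# Hosts the payment service is expected to redirect to (constructed placeholder).
my %ALLOWED_HOST = map { $_ => 1 } qw(secure.gateway.example);

# Returns the URL to send the customer to, or undef when the service answered
# directly. Dies when the redirect points somewhere unexpected.
sub customer_redirect_target {
    my ($res) = @_;
    return undef unless $res->is_redirect;    # any 3xx status

    my $loc = $res->header('Location')
        or die "redirect without Location header\n";
    my $uri = URI->new($loc);

    # Check the scheme first: only server-style URIs (http/https) have host().
    my $scheme = $uri->scheme // '';
    die "refusing non-https redirect: $loc\n" unless $scheme eq 'https';
    die "refusing redirect to unexpected host: $loc\n"
        unless $ALLOWED_HOST{ lc $uri->host };

    return $uri->canonical->as_string;
}

# Constructed responses. In a real client they would come from a user agent
# created with LWP::UserAgent->new(max_redirect => 0), so that the 3xx is
# returned to the caller instead of being followed automatically.
my @samples = (
    [ 'plain account'  => HTTP::Response->new(200, 'OK') ],
    [ 'extra security' => HTTP::Response->new(302, 'Found',
        [ Location => 'https://secure.gateway.example/auth?t=abc123' ]) ],
    [ 'userinfo trick' => HTTP::Response->new(302, 'Found',
        [ Location => 'https://secure.gateway.example@other.example/' ]) ],
    [ 'relative target' => HTTP::Response->new(302, 'Found',
        [ Location => '/auth?t=abc123' ]) ],
);

for my $sample (@samples) {
    my ($label, $res) = @$sample;
    my $target = eval { customer_redirect_target($res) };
    if ($@)                 { chomp(my $err = $@); print "$label: rejected ($err)\n" }
    elsif (defined $target) { print "$label: redirect customer to $target\n" }
    else                    { print "$label: process the response normally\n" }
}
```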