Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl Monk, Perl Meditation

Re^3: Sending information via HTTP "POST" without submitting a form

by jhourcle (Prior)
on Jun 20, 2005 at 22:50 UTC ( #468504=note: print w/replies, xml ) Need Help??

in reply to Re^2: Sending information via HTTP "POST" without submitting a form
in thread Sending information via HTTP "POST" without submitting a form

What you're explaining doesn't make sense to me, based on what I've had to do before with passing control between systems. I'm guessing that the payment processor most likely has suggestions on how to use their system, and if they think the scenario that you are explaining makes sense, that they would have instructions for doing it.

  • Comment on Re^3: Sending information via HTTP "POST" without submitting a form

Replies are listed 'Best First'.
Re^4: Sending information via HTTP "POST" without submitting a form
by jeyroz (Monk) on Jun 20, 2005 at 23:04 UTC

    jhourcle, thanks for your reply.

    The payment processor simply expects a form to be submitted with payment information. The client has asked that we verify some "Terms of Use", etc. before their customer remits payment. We are validating their 'acceptance' of the Terms with javascript but would like backend validation as well (for obvious reasons). As you would expect, the payment processor doesn't offer validation of non payment information on their system ... therefore I am left to validate these elements once the form is submitted but before the request is sent to the payment processor. After our validation is complete the information and the user need to be redirected to the payment processor's server to complete the transaction. I would like to transfer this info via POST instead of GET as would be the case if I attached the information to a redirect like so: $q->redirect('processor_server?info=foo&info2=bar').

    If this is still unclear please let me know.

    author => jeyroz

      It's clear -- but I wouldn't normally want to pass control of the user's session to another server.

      You're right, in that you do not want to do this with GET. In fact, you should never send anything sensitive in the URI, and should never use GET for something that might have side-effects. Modifications should be reserved for POST (or PUT or DELETE, but most servers don't implement it)

      Redirection in general is a tricky thing when you're trying to force someone to post. The HTTP spec specifically warns browser authors about how they're supposed to handle redirection.

      From what you're describing, I would probably have the user first go to a page for them to look over what it is that they're ordering, and on that page, populate a number of hidden fields, and have then click a subtly-disguised submit button that sends them to the alternate server in question.

      I still don't like giving them control, though. Perhaps set a TARGET on the form submit, so it comes up in another window, or something.

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://468504]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (6)
As of 2023-10-04 15:35 GMT
Find Nodes?
    Voting Booth?

    No recent polls found