I have faced this problem over and over again.
Scenario: I communicate data to some API using a POST request (this time it's a payment form, the user enters some details and gets redirected to a payment gateway to make the actual transaction via credit card or whatever..), so far so good.
One of the fields commonly required by the APIs in this scenario is a hash field or such, (Basically a field that md5 hashes some of the fields entered + a secret merchant key).
Now..
The only way to hash these fields + the secret key securely is via a server-side language (I use PHP).
I got around this problem by taking the user's original input, processing and hashing it, then prompting the user with a second page, with all the API required fields hidden it included the hash too and asked the user to click a "confirm" button basically triggering the POST request with the API's required fields.
Here's the issue: I don't like prompting the user with a second "confirm" page/button.
I'm currently using Laravel, is there a way to take the user's input, process it and hash what needs to be hashed and automatically redirect him to the payment gateway without having him click a "confirm" button.
I tried to trigger the confirm button in the second page via jQuery on document ready, to make more of a smooth experience, but browsers consider it popup and block it.
Thanks in advance, let me know if I need to clarify anything.
