1

I try to make a PHP function that

  • set a custom header ("test: longstring"),
  • redirect to an external website with a request containing the custom header

What I done :

public function myFunc() {
  header("test: helloWorld");
  header("Location: mysite.com");
  die();
}

The redirection works but I can't find the test header in the GET request to mysite.com, why ?

NB I want to use header and not a url parameter because the string I want to send is the base64 of a signature generated by openssl_sign.

IggY
  • 3,005
  • 4
  • 29
  • 54
  • when you set `header("test: helloWorld");`, you are setting it to the current page only, and right after it you switch pages. So it won't work. – Phiter Dec 29 '15 at 16:07
  • 2
    it is impossible to do as you want. By setting location header you are redirecting user browser to another website. Browser doesn't save headers in this case. You can try to pass a get parameter to location mysite.com?test=hellowWorld – klipach Dec 29 '15 at 16:09
  • 3
    FYI, and apart from what’s been said already: If you use your own, custom HTTP headers for anything (either request or response), you should try and comply to the convention, that custom headers not covered by the RFC should always be named starting with the prefix `X-`, as in `X-My-Custom-Header: Foo` – CBroe Dec 29 '15 at 16:19
  • @CBroe Thank you for the tips :) – IggY Dec 29 '15 at 16:23

2 Answers2

3

The redirection works but I can't find the test header in the GET request to mysite.com, why ?

Because you set a response header.

There is no way to trigger an HTTP redirect and cause the client to add a custom header.

The only way for a site to make a browser issue an HTTP request with a custom header is to use JavaScript and the XMLHttpRequest object. Since you said you are dealing with an external site, you'd also need to make sure that site implemented CORS to give your site permission.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • Correct. See also https://stackoverflow.com/questions/7583461/redirect-to-page-and-send-custom-http-headers/41218304#41218304 – Vacilando Dec 12 '18 at 16:37
-2

I think the better put 'test' to session and get value from session.

public function myFunc() {
  $_SESSION["test"] =  "helloWorld";
  header("Location: mysite.com");
  die();
}


// mysite.com
if(isset($_SESSION['test']))
{
// Do something
}
Viktor
  • 53
  • 1
  • 4
  • 1
    The question says that the redirect is to a different site. It won't be able to share session data. Additionally, session data is for data which should persist for a session but the question gives no indication that it should last beyond the lifetime of this specific pair of requests. – Quentin Dec 29 '15 at 16:20