
I have to do this in order to use a payment service provider's form and add a signature on the server side. I can modify the client and the server.

Can I do this?

1) client request -(POST, body:{"a":"1"})-> my_server

2) my_server adds new param "signature"

3) my_server response -(3xx, body:{"a": "1", "signature": 354}, Location: https://psp.com)-> client

4) client auto request on 3xx -(POST, body:{"a": "1", "signature": 354})-> https://psp.com

Is this a correct scheme? Which 3xx is better for this action?

1 Answer

No. You cannot redirect with a body. A redirect doesn't do anything on its own. It simply tells the client that the page has moved or that they should simply see another page instead at this point. That's it. Response done.

A web browser takes the initiative to then actually request that new URL contained in the Location header of the redirect response. However, it will always issue a GET request for the new URL, and as such, it will not "post" any data along with it.

Chris Pratt
  • And how can I implement scheme A from https://docs.fondy.eu/docs/page/1/ ? Is scheme A bullshit? – AndreyMagnificent Apr 18 '19 at 15:00
  • It's not a true redirect. The redirect is to a page (still third-party site) which has a form. That form's action is set to the ultimate destination (the original source of the request flow). The form may either be auto-submitted or submitted by user assent, such as when a third-party login provider has the user confirm the requested scopes. – Chris Pratt Apr 18 '19 at 15:10
  • "However, it will always issue a GET request for the new URL" - that is true only for some redirect codes. – Julian Reschke Apr 18 '19 at 15:39
  • @JulianReschke If you're referring to a 307 redirect, it seems like the idea is that they'd POST to the new location, but [in practice browsers don't](https://stackoverflow.com/a/2604893/1139830). That may be [outdated info](https://stackoverflow.com/questions/42703671/which-browsers-support-307-308-redirects-and-how-do-they-handle-them). I haven't tried it myself. – mason Apr 18 '19 at 15:40
  • @JulianReschke: In context, that sentence assumes the browser is following the URL in the first place. If it does choose to follow the URL, it will do so by issuing a GET request, no other HTTP verb. – Chris Pratt Apr 18 '19 at 15:47
  • @ChrisPratt - Chris, that is incorrect for status codes 307 and 308. – Julian Reschke Apr 18 '19 at 17:20
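
The form-based flow described in the comments, as an added example (not code from the thread or from any PSP): my_server answers the client's POST with an HTML page whose hidden form carries the original fields plus a server-computed signature and posts them to the PSP, since a client following a redirect never sends a body taken from the 3xx response. The PSP URL, the secret and the HMAC-SHA256 signing scheme are assumptions; use the scheme your PSP documents.

```python
import hashlib
import hmac
import html

# Assumptions, not from the thread: PSP_URL, SECRET and the HMAC-SHA256
# scheme are placeholders. Use the signature algorithm your PSP documents.
PSP_URL = "https://psp.com"
SECRET = b"constructed-demo-secret"  # stays on the server, never sent to the client


def sign(fields, secret=SECRET):
    """HMAC-SHA256 over the fields in sorted key order (deterministic)."""
    # Length-prefix keys and values so field boundaries cannot be shifted.
    msg = "".join(f"{len(k)}:{k}{len(v)}:{v}" for k, v in sorted(fields.items()))
    return hmac.new(secret, msg.encode("utf-8"), hashlib.sha256).hexdigest()


def build_autosubmit_page(fields, action=PSP_URL, secret=SECRET):
    """Return the HTML body my_server sends (status 200) in step 3."""
    if "signature" in fields:
        raise ValueError("client must not supply 'signature'")
    signed = dict(fields, signature=sign(fields, secret))
    # Escape every name and value: they come from the client and land in HTML.
    inputs = "\n".join(
        '<input type="hidden" name="{}" value="{}">'.format(
            html.escape(k, quote=True), html.escape(v, quote=True))
        for k, v in signed.items()
    )
    return (
        "<!doctype html>\n<html><body>\n"
        f'<form method="post" action="{html.escape(action, quote=True)}">\n'
        f"{inputs}\n"
        "<noscript><button type=\"submit\">Continue to payment</button></noscript>\n"
        "</form>\n"
        "<script>document.forms[0].submit();</script>\n"
        "</body></html>\n"
    )


if __name__ == "__main__":
    # Constructed sample input matching the question's body {"a": "1"}.
    print(build_autosubmit_page({"a": "1"}))
```

The signature is computed only over fields the server received, and a client-supplied `signature` field is rejected so the client cannot choose its own value.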