External django redirect with POST parameters
https://stackoverflow.com/questions/1345892
-
20-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
I'm trying to create a redirect in a Django view to an external url with some get parameters attached to the request. After doing some looking around and some trying around, it seems I have hit a road block.
So my view looks something like this
def view(request):
data = get.data(request)
if something in data:
return HttpResponseRedirect('example.com')
This is as far as I was able to get. I know that you in the request url can specify some get parameters like this:
...
return HttpResponseRedirect('example.com?name=smith&color=brown')
However since some of the data is sensitive, I don't want it to end up in the url. Since it's an external url I can't use the redirect() shortcut that accepts views parameters. So pray tell, how does one accomplish such a task?
Edit
After having done some more looking around, and have chatted a bit in IRC, it seems that what I should do, to keep the get parameter away from users, containing payment info, is to send them as post instead. I was told that you should be able to do it by using some JS as well, possibly jQuery. The question still remains though a bit more complicated now. How would one go about creating post redirect in django with the help of javascript?
2nd Edit
Seems like I have been misinformed. Thanx for clearing that up with the redirect protocols DR. Looks like I have been going down the wrong path in my attempt of using redirect to solve this problem.
Solution
I suggest the following approach. In your Django view/template return form to the browser with all the parameters that you want to post as hidden form elements. As soon as the form loads the JavaScript will submit (POST) form to where ever you want.
View:
from django.shortcuts import render_to_response
def view(request):
return render_to_response('test.html', { 'foo': 123, 'bar': 456 })
Template:
<html>
<head>
<title>test</title>
<script type="text/javascript">
function load()
{
window.document.test.submit();
return;
}
</script>
</head>
<body onload="load()">
<form name="test" method="post" action="http://www.example.com">
<input type="hidden" name="foo" value={{ foo }} />
<input type="hidden" name="bar" value={{ bar }} />
</form>
</body>
</html>
OTHER TIPS
GET parameters always go in the URL, that's what makes them GET parameters.
It is not possible to redirect using POST parameters (which don't go in the URL) - this is a restriction of HTTP, not Django.
I don't agree with Daniel, there's a way around the HTTP limitation of redirecting only with get params. what i am thinking of is:
- Redirect to a GET destination with the params you want.
- On the GET page, setup a form with the params you forwarded
- Auto submit the form.
That's what most file download services do and sometimes even payment pages (Paypal and such). it is indeed a bit ugly (1 more hop) but has it's own benefits.
