Redirect Page with POST

phi95aly has asked for the wisdom of the Perl Monks concerning the following question:

Replies are listed 'Best First'.
Re: Redirect Page with POST by sgifford (Prior) on Jul 14, 2004 at 06:02 UTC
I'm not aware of a way to instruct a browser to re-post its data to a new location. Rather than redirecting the user, you could proxy the request for them. Or, you could store all of the settings from the POST into a session file, then pass back the name of the session file as a parameter to the URL.	[reply]
Re: Redirect Page with POST by bgreenlee (Friar) on Jul 14, 2004 at 06:08 UTC
Assuming you are redirecting to your own server (or one you have access to), there are a number of ways to skin this cat: - encrypt/encode your data and put it on the url or in a cookie - put the data in a temp file on the server and just pass some kind of id on the url (or in a cookie) that allows the receiving script to find that file (and don't forget to sweep up any old temp files) Check out CGI::Session or Apache::Session. Brad	[reply]
Re: Redirect Page with POST by Jaap (Curate) on Jul 14, 2004 at 05:54 UTC
Well fundamentally, if you send users a URL with some sensitive information, they will be able to see it one way or the other. Can't you get the content to your perl script and print it directly to the client?	[reply]
Re: Redirect Page with POST by neeraj (Scribe) on Jul 14, 2004 at 06:39 UTC
rather than using redirect method of CGI.pm or printing Location header, you can simply create a form with METHOD=POST and ACTION=url and the data you want to pass , pass them as hidden fields as below:- `#! /usr/bin/perl use CGI qw/ :standard/; # Initialise a html page print header("text/html"); # Start html page print start_html(-title =>'Test Page',-bgcolor =>'#ffffff'); # Start the query form print start_form(-name=>"test",-action=>"aa.cgi",-method=>"POST"); # send data using hidden fields print hidden(-name=>"tag1",-value=>"data1"), hidden(-name=>"tag2",-value=>"data2"), hidden(-name=>"tag3",-value=>"data3"); print end_form,end_html;` [download] I hope this works, cheers.	[reply] [d/l]
Re^2: Redirect Page with POST by bgreenlee (Friar) on Jul 14, 2004 at 06:44 UTC
You still would need to encrypt the data if you did this, otherwise a View Page Source would reveal the "sensitive" information. Brad	[reply]
Re^3: Redirect Page with POST by hossman (Prior) on Jul 14, 2004 at 21:44 UTC
No one ever said the data was "sensitive", the OP just asked for a way to redirect without needing to shove all of the data into the URL (probably because he thought it looks ugly) The fact that teh OP wnats to "redirect a POST" implies that all of the "sensitive" data came from the user, so what differences does it make if the user sees it?	[reply]
Re: Redirect Page with POST by phi95aly (Novice) on Jul 15, 2004 at 00:27 UTC
Re: Redirect Page with POST by friedo (Prior) on Jul 14, 2004 at 06:22 UTC
The above suggestions are all good. However, if you absolutely must redirect a POST, the only way I know of to do it is to generate a form consisting of hidden input fields containing your data, and then using some Javascript to auto-submit the form upon loading. It is no more secure than using a GET request, and much less likely to work. Use at your own peril. A much better idea would be to figure out a way to keep your sensitive data server-side and/or encrypted, as suggested above.	[reply]
Re: Redirect Page with POST by hossman (Prior) on Jul 14, 2004 at 21:53 UTC
In theory, you can issue a "307" Response, which is supposed to tell the client to "Redirect" to a new URL, using the same method (ie: if the old was a GET, do a GET, if the old was a POST, do a POST with the same data) The problems with this are: Old Browsers may not have any clue what to do with a 307. The spec explicitly says that a client shouldnt' follow a "307 Redirect' without confirmin this is OK with the user (since they may not want to send their data to the new URL) for more info on the existence of 307, see the note in section 10.3.3 of that RFC.	[reply]