External django redirect with POST parameters

googletorp picture googletorp · Aug 28, 2009 · Viewed 16.9k times · Source

I'm trying to create a redirect in a Django view to an external url with some get parameters attached to the request. After doing some looking around and some trying around, it seems I have hit a road block.

So my view looks something like this

def view(request):
    data = get.data(request)
    if something in data:
        return HttpResponseRedirect('example.com')

This is as far as I was able to get. I know that you in the request url can specify some get parameters like this:

...
return HttpResponseRedirect('example.com?name=smith&color=brown')

However since some of the data is sensitive, I don't want it to end up in the url. Since it's an external url I can't use the redirect() shortcut that accepts views parameters. So pray tell, how does one accomplish such a task?

Edit

After having done some more looking around, and have chatted a bit in IRC, it seems that what I should do, to keep the get parameter away from users, containing payment info, is to send them as post instead. I was told that you should be able to do it by using some JS as well, possibly jQuery. The question still remains though a bit more complicated now. How would one go about creating post redirect in django with the help of javascript?

2nd Edit

Seems like I have been misinformed. Thanx for clearing that up with the redirect protocols DR. Looks like I have been going down the wrong path in my attempt of using redirect to solve this problem.

Answer

Sergey Golovchenko picture Sergey Golovchenko · Aug 28, 2009

I suggest the following approach. In your Django view/template return form to the browser with all the parameters that you want to post as hidden form elements. As soon as the form loads the JavaScript will submit (POST) form to where ever you want.

View:

from django.shortcuts import render_to_response

def view(request):
    return render_to_response('test.html', { 'foo': 123, 'bar': 456 })

Template:

<html>
<head>
    <title>test</title>
     <script type="text/javascript">
     function load()
     {
          window.document.test.submit();
          return;
     }
     </script>
</head>
<body onload="load()">
<form name="test" method="post" action="http://www.example.com">
    <input type="hidden" name="foo" value={{ foo }} />
    <input type="hidden" name="bar" value={{ bar }} />
</form>
</body>
</html>