I want send some data to a remote webpage from my site. Actually it can be achieved through form hidden variables. but for security reason, i want set as post variables in header and then send to that webpage. i use this code
$post_data = 'var1=123&var2=456';
$content_length = strlen($post_data);
header('POST http://localhost/testing/test.php HTTP/1.1');
header('Host: localhost');
header('Connection: close');
header('Content-type: application/x-www-form-urlencoded');
header('Content-length: ' . $content_length);
header($post_data);
but my code doesn't work properly.
help me...
POST data forms the body of an HTTP request, it isn't a header, and the header method is used in making HTTP responses.
askapache has an example of making a POST request from PHP using the curl library.
You're trying to put request headers into answer. Client just don't know what to do with it.
What you are trying to achieve is impossible.
What is the task you're trying to accomplish? There can be another way.
If you're trying to post a request to remote server, you'll need to use a tool like cUrl. Here's an exmple:
// Create a curl handle to a non-existing location
$ch = curl_init('http://localhost/testing/test.php');
// Set options
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
// Execute
$page = curl_exec($ch);
Alternatively, if you really want to put data in the headers, you can set custom headers using something like this:
curl_setopt($ch, CURLOPT_HTTPHEADER, array('field: value', 'field2: value') );
The only way to redirect POST Header is an HTTP 1.1 Redirect with 307/308
307 Temporary Redirect
header('HTTP/1.1 307 Redirect');
header('Location: target.php', false, 307);
308 Permanent Redirect
header('HTTP/1.1 308 Redirect');
header('Location: target.php', false, 308);
!!! Only works in PHP if the Redirect Code is setted 2 times in this way !!!
If you only do the 2nd line. PHP made a normal 302 redirect.
Client get a message from browser if to accept this redirect, because of security reasons.
Related
In my PHP software I have an self-update feature which sends a HTTP request with the POST method to a certain URL (to a PHP script). Now this URL has changed (I moved the script to another directory), but to stay backward compatible I want to use the script at the old URL to redirect the POST request to the new location. I tried to use the HTTP 307 status code but the second time PHP makes the request, it changes the method from POST to GET, although it must not do this (at least I though this is what the 307 code is for). I use PHP 5.4.29 on Windows 7 as Apache (2.2.27) module and I sniffed the traffic to make sure that HTTP 1.1 is used in the request and the response.
This is how I make a POST request:
<?php
$requestData = http_build_query(
array(
"param1" => "value1",
// and so on...
)
);
$requestOptions = array("http"=>
array
(
"protocol_version"=>"1.1",
"method"=>"POST",
"header"=>array(
"Content-type: application/x-www-form-urlencoded",
"Connection: close",
),
"content"=>$requestData,
)
);
$requestContext = stream_context_create($requestOptions);
$serverResponse = #file_get_contents("http://localhost/old/long/path/update.php", false, $requestContext);
?>
I tried to redirect manually and automatically by PHP:
<?php
// Redirect manually
header("HTTP/1.1 307 Temporary Redirect");
header("Location: http://localhost/update.php");
// or redirect automatically
header("Location: http://localhost/update.php", true, 307);
?>
According to the sniffed data, everything looks normal. HTTP 1.1 is used in request and response and code 307 is used. But the second time PHP sends the request (to the new location, still with HTTP 1.1, ..) it simply changes the method to GET and my POST payload is lost.
Again: This is not a user / browser redirection - I redirect PHP. I make my request myself and manually though my software and I want to redirect it to a new location. This has nothing to do with a security related topic.
It looks like file_get_contents does not repost the data, possibly for the reason highlighted by #daiscog.
Curl however will repost to the redirected url:
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, 'http://localhost/old/long/path/update.php');
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_FRESH_CONNECT, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $requestData);
$serverResponse = curl_exec($ch);
However it would make more sense to either handle this at the server level (eg an Apache url rewrite) or to simply include the new file in the old one:
//old.php
include('path/to/new.php');
The W3C HTTP/1.1 specification for 307 states:
If the 307 status code is received in response to a request other than
GET or HEAD, the user agent MUST NOT automatically redirect the
request unless it can be confirmed by the user, since this might
change the conditions under which the request was issued.
The point behind this is that it is unsafe for a server to tell a client to POST to a different URL as that may be a malicious attempt to get the client to send data somewhere the user did not intend, so POST redirections are not possible.
Here is my setup,
HTML page using jQuery AJAX to POST data to a php script. The php script in turn, calls a third party REST API. One of the response from REST API is 302 code.
My question is
How do i pass back the 302 return code to AJAX call and then let AJAX handle it?
To clarify this is my php script
$data = array(
'id' => $id,
'name' => $name
);
$postString = http_build_query($data, '', '&');
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL, $url);
curl_setopt($ch,CURLOPT_POST, count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS, $fields_string);
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);
Now, $result has the response from the REST API, How do i send the 302 information back to my ajax script on html.
Assuming you have already managed to detect the 302 in your PHP, then you can use the header() function to send a 302 status and a location header back to the client.
header("Location: http://example.com/foo/bar"); // 302 is the default for responses with a Location header
However, if you send a 302 response to an Ajax request then the browser will transparently follow it. There is no way to detect the 302 in your JavaScript.
The browser will then get the resource you are redirecting to.
You will then have one of two outcomes:
The resource will be made available to JavaScript through the responseXXX properties
You will have a Same Origin Policy security exception
If you want to display the resource as if a link was followed to it, then you need to give JavaScript the URL to visit (i.e. the URL you are being redirected to) in the response body. You could express it via JSON.
Then in the JS you need to extract that URL and set location to it.
In PHP, try:
http_response_code(302);
http://www.php.net/manual/en/function.http-response-code.php
I have, of course, read several questions with exactly this asked, but I have to say it didn't work for me at all. What I am about to accomplish is
sending 'X-Requested-With: XMLHttpRequest' header via PHP and curl
sending other http request headers via PHP and curl
provided solutions didn't work for me.
How do I know I'm not sending right http request headers?
Simply by
(1)comparing real headers generated by XMLHttpRequest(triggering JQuery click) and those simulated by PHP and curl in Firefox add-on Live HTTP headers
(2)Print_r() -ing $_SERVER variable in target script
What do I get that is incorrect/below my expectations?
First and most important:
Firefox Live HTTP headers does not capture my headers (just like they don't exists).
Second, by print_r($_SERVER):
if I get anything of simulated headers at all, I get [HTTP_X_REQUESTED_WITH] => XMLHttpRequest - not the: [X_REQUESTED_WITH] => XMLHttpRequest.
That problem persists almost for any header I send via curl_setopt($ch, CURLOPT_HTTPHEADER, $curl_header) - any of these is being prefixed with 'HTTP' ('Header1: value1' - I get 'HTTP_HEADER1').
I'm using XAMPP with PHP version 5.4.7, CURL 7.24.0 .
Before I ask if what I'm trying to accomplish is possible or maybe not and say thanks in advance for responses, it's not bad idea to provide my code - one of many code solutions that I've tried.
$curl_header = array('X-Requested-With: XMLHttpRequest');
$data = "name=miloshio"; // just to be sure I'm doing the POST request
$ch = curl_init('http://example.com/test.php');
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_HTTPHEADER, $curl_header);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $data);
curl_setopt($ch, CURLOPT_VERBOSE, true);
$result = curl_exec($ch);
echo $result;
Sum of my questions:
Is it possible to send exactly 'X-Requested-With: XMLHttpRequest'
header via PHP and curl?
Is it possible to avoid attaching 'HTTP_' prefix to custom headers
send by PHP and curl?
Are there well-known limitations in matter of using PHP and curl?
Firefox Live HTTP headers won't show your headers as they're sent by the server to another server and not to the client(browser).
Curl send the headers correctly, using CURLOPT_PROXY You can try to put curl traffic through a debuging proxy like Fiddler if You're using windows for development, I'm sure there are linux alternatives
If you try to get the headers from $SERVER variable, they will be prefixed with HTTP, you can use apache_request_headers to get the headers without HTTP_ prefix.
I want to set a request header for a url xyz.com
is it the right way to set it in php?
header('Authorization: AuthSub token="xxxxxx"');
header('location:https://www.google.com/accounts/AuthSubRevokeToken');
I am trying to set the header for this URL for a call.But the Authorization: AuthSub header doesnt shows up in the request headers section of the FireFox NET panel.Which is used to show the requests.
Any idea about it?
Thanx.
I was using curl previously,But it didnt seemed to issue any request as i cant see it in the NET panel of FireFox.
Code is as follows:
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL,"https://www.google.com/accounts/AuthSubRevokeToken");
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_FAILONERROR, true);
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($curl, CURLOPT_HTTPHEADER, array('Authorization: AuthSub token="1/xxx"'
));
$result = curl_exec($curl);
curl_close($curl);
echo 'hererer'.$result;exit;
header sets response headers, not request headers. (If you were trying to send a HTTP request elsewhere, it would have no effect.)
Please also note what the manual says about Remember that header() must be called before any actual output is sent, ....
And turn on error_reporting(E_ALL); before using header() to see if that is the issue for you.
Header names and values need to be separated by one colon plus a space, so the location "header" is just wrong, it should be:
header('Location: https://www.google.com/accounts/AuthSubRevokeToken');
(It's common to write the case this way, too, but not a need)
Next to that the header function is setting response headers, not request headers. So you're basically using the wrong tool.
In PHP you can not set request headers, that's part of the client (e.g. browser), not the server. So header just looks wrong here. Which HTTP client are you using?
A call, as in using CURL to request another page? The header() function applies only for web-browser<->server communications. It cannot affect any requests your server-side script does to other webservers. For that, you need to modify the particular method you're using, e.g. curl or streams.
For curl, see CURLOPT_HTTPHEADER here: http://php.net/curl_setopt
I'm trying to perform a redirect using cURL. I can load the page fine, that's not a problem, but if I load say google.com non of the images load and the site does not work (obviously because its just printing the HTML and not actually doing a redirect).
Is there any way to perform a redirect using cURL? Sort of similar to how ...
header("Location: http://google.com");
... works?
Any help would be much appreciated.
Well, from my understading, it seems like OP want's to redirect the user to the search results URL.
Using the GoogleAPI would be a first choice and to achieve something like that, I would do this:
<?php
$query = "firefox";
$apiUrl = "http://ajax.googleapis.com/ajax/services/search/web?v=1.0&q=".urlencode($query);
$ch = curl_init();
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_URL, $apiUrl);
$content = curl_exec($ch);
$content = json_decode($content);
$luckyUrl = $content->responseData->results[0]->unescapedUrl;
header("Location: ".$luckyUrl);
?>
The code above works like 'I feel lucky'....
Use curl with -L
-L/--location
(HTTP/HTTPS) If the server reports that the requested page has
moved to a different location (indicated with a Location: header
and a 3XX response code), this option will make curl redo the
request on the new place. If used together with -i/--include or
-I/--head, headers from all requested pages will be shown. When
authentication is used, curl only sends its credentials to the
initial host. If a redirect takes curl to a different host, it
won't be able to intercept the user+password. See also --loca‐
tion-trusted on how to change this. You can limit the amount of
redirects to follow by using the --max-redirs option.
When curl follows a redirect and the request is not a plain GET
(for example POST or PUT), it will do the following request with
a GET if the HTTP response was 301, 302, or 303. If the response
code was any other 3xx code, curl will re-send the following
request using the same unmodified method.
So when using cURL
add
curl_setopt($process, CURLOPT_FOLLOWLOCATION, 1);
I'm afraid it is impossible to force the client's browser to send certain POST values and refers, you can only force it to go somewhere, hence header().
Does this answer your question?
It's should to work.pls try this: header( 'Location: http://www.google.com' ).Use the (')single cote instead of "(double)