"Location" redirect with custom headers

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

Hi all. I'm developing something for work in which details about a
user are determined from specific headers being sent through. This is
done through a central website (e.g: visits main site --> redirected
to sniffing site --> redirect back to main site), and so involves
cross-domain redirecting.

Now, the main question I have is whether it is possible at all to send
custom headers along with a redirect? So, if the user visits the
sniffing site, and is redirected back to the main site with some
additional headers tacked onto their request - headers which are
determined by the sniffing site.

Is this possible? At the moment, I'm having to use querystring
parameters in order to achieve this, although it would be nice if the
URL could be tidied up a little bit.

Thanks in advance for any help offered :)


Re: "Location" redirect with custom headers

geoff escribió:
Quoted text here. Click to load it

You can send any custom header you want within the server response, but
you cannot affect the headers sent by the browser, beyond the "Cookie"
header. And third-party cookies tend to be ignored.

Quoted text here. Click to load it

That's what many popular sites like Gmail or Yahoo seem to be doing. You
can always clean up the URL with one more redirect in the final server,
once you're done with the information exchange.

-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- Mi sitio sobre programación web: http://borrame.com
-- Mi web de humor satinado: http://www.demogracia.com

Re: "Location" redirect with custom headers

On Tue, 01 Sep 2009 11:23:31 +0200, Álvaro G. Vicario wrote:
Quoted text here. Click to load it

One probably would have to. One of the more commonly-installed browsers
has a cap of about 2000 characters before the URL-fetching mechanism
just quits working. That seems like plenty upfront, but it gets really
small really fast when you're doing a lot of cross-domain information
passing. (It's almost worth learning how to do tcp/ssh-based
interprocess communication to handle these things instead of try to pass
the crud via a browser.)

Time is a great teacher, but unfortunately it kills all its pupils.
                -- Hector Berlioz

Re: "Location" redirect with custom headers

Quoted text here. Click to load it

No, you can add customer headers in either direction but they will not
be maintained across requests/replies.

This has already ben discussed recently on this NG:

http://groups.google.com/group/comp.lang.php/browse_thread/thread/4751ba896 =

In your case, which sounds vaguely like a single-sign-on type setup,
the solution is to pass a token back from the authenticating site in
the query part of a Location redirect.


Site Timeline