undefinedfix
Sign in

How to solve the problem of cross domain redirection with parameters? Do not use stitching parameters at the end of the redirection URL

yaroze edited in Fri, 05 Feb 2021

How to solve the problem of cross domain redirection with parameters? Do not use stitching parameters at the end of the redirection URL

Requirement: project a is on server a, and it needs to be redirected to project B on server B, and it needs to carry parameters, which are not visible to users, so you can't splice parameters behind the redirection URL. Do you have any other solutions?

The project uses spring

RedirectAttributes.addFlashAttribute No, it can only redirect between controllers in the same project.

This problem has not been solved. Please give me a reply.

图片描述

Supplementary questions: (1) you can put the data in the request header in the downstairs answer, but the server of the opposite party needs to set the custom field of allowing the request header

How to understand this? How to realize it?

The browser requests server a (not Ajax request), and server a returns 302 response and redirection URL to redirect the client. At this time, server a can put the parameters to be passed into the response header, and then the browser redirects the target URL, but it will not carry the previous redirection response header information at this time

How can he carry it?

(2) Second, the server returns a 302 redirection response. Can the response contain a response body message???

Because what I tested is to use response to write data, but the browser side can't see the redirection response data. How can I control this in implementation? Do all redirection responses contain no response body?

8 Replies
ImMrBones
commented on Fri, 05 Feb 2021

You can put the data in the request header, but the server of the opposite party needs to set the custom fields that allow the request header

TaneRr
commented on Sat, 06 Feb 2021
  1. Server a sends parameters to B, waiting for B to reply
  2. B gets the parameter, saves it and gives a token to a. A takes this token and redirects it to B
  3. B receives the redirection from a and obtains the parameters saved in step 1 according to the token
EVSART
commented on Sat, 06 Feb 2021

Create a < form method = "post" >, fill in the parameters in the form of < input type = "hidden"... > in < form >, and then trigger submit () with JavaScript. These parameters are invisible in the address bar and brought to the target site.

suxbr
commented on Sat, 06 Feb 2021

Thank you for your invitation. If you control both services, you can encrypt the parameter content. You can refer to how HTTP session is encrypted and decrypted. There are relevant security standards.

SunSplat
commented on Sat, 06 Feb 2021

The main problem is not to try to solve this problem from the front-end point of view? That is to send an Ajax request through the front end, and then use jsonp to solve the problem of cross domain parameter transfer

Sandhya
commented on Sun, 07 Feb 2021

Or make a middle tier service, so that users can't see the specific parameters when they request the middle tier service, which also controls the cross domain problem

user1300830
commented on Sun, 07 Feb 2021

Write the data and server B's address to the browser's Ajax. Ajax takes the address and posts the data to server B

188betasiaa
commented on Sun, 07 Feb 2021

1. If these two servers are under your control, you can take them by cookie cross domain way. Note that only by cookie cross domain 302 redirection can you access server B with cookie request header. Other custom request header browsers will not take them. 2. The HTTP protocol doesn't stipulate that 302 response can't have response body. Maybe the browser has ignored it? 3. You can do it with 307, so that your post request will be posted to the new URI. See rfc2616-307 for details

lock This question has been locked and the reply function has been disabled.