A good way to redirect with a POST request?

Solution 1:

It's not quite clear what you mean, so let's take a few scenarios:

  1. User should POST form to a server other than your own

    Easy, just specify the target as the form action:

    <form action="http://someotherserver.com" method="post">
    
  2. User should be redirected after a successful POST submit

    Easy, accept and process the POST data as usual, then respond with a 302 or 303 redirect header.

  3. User should POST data to your server and, after validation, you want to POST that data to another server

    Slightly tricky, but three options:

    • Your server accepts the POST data and while the user waits for a response, you establish a connection to another server, POSTing the data, receiving a response, then return an answer to the user.
    • You answer with a 307 redirect, which means the user should attempt the same request at another address. Theoretically it means the browser should POST the same data to another server. I'm not quite sure how well supported this is, but any browser understanding HTTP1.1 should be able to do it. AFAIA it's not used that often in practice.
      PS: The specification says that a 307 POST redirect needs to be at least acknowledged by the user. Alas, apparently no browser is sticking to the spec here. IE simply repeats the request (so it works for your purposes), but Firefox, Safari and Opera seem to discard the POST data. Hence, this technique is unfortunately unreliable.
    • Use technique #1 combined with hidden form fields, adding one step in between.

See here for a list of all HTTP redirection options: http://en.wikipedia.org/wiki/Http_status_codes#3xx_Redirection

Solution 2:

Just set HTML form's action URL to the particular external site.

Here's an SSCCE, just copy'n'paste'n'run it:

<!doctype html>
<html lang="en">
    <head>
        <title>SO question 2604530</title>
    </head>
    <body>
        <form action="http://stackoverflow.com/questions/2604530/answer/submit" method="post">
            <textarea name="post-text"></textarea>
            <input type="submit" value="Post Your Answer">
        </form>
    </body>
</html>

You'll see that Stackoverflow has good CSRF protection ;)

Solution 3:

Javascript is the only way (to do it automatically). You simply can't redirect a POST request via standard http methods. Are you sure that GET isn't an option here?