How to redirect passing data without using query parameters in PHP?

Question

I have an application that works as the following:

  • index.html loads index.js
  • index.js looks for a token on local storage, doesn't find it and redirects to auth.php using window.location.href = "auth.php";
  • auth.php redirects to external-api.com using header("Location: external-api.com/login");
  • the user logs in on their platform, which redirects back to auth.php with a code using get request
  • auth.php then makes a post to external-api.com with that code and a few more params, and receives a response with an actual access token
  • auth.php redirects back to index.html using header("Location: index.html?token=".$token);

However, is there a way to redirect back passing data without using query parameters?

Answer 1

Score: 2

Your question is a little unclear because you mention token multiple times, but there are 2 different tokens + a 'code'.

  1. Local storage token
  2. external-api sends user to auth.php?code=some_code
  3. auth.php sends POST request to external-api & gets ACCESS TOKEN

I doubt you can hide the code in step 2 (would depend on how the external API works) & you can't hide the token in step 1 (because it is in local storage, on the client machine). So, I assume you're trying to hide the ACCESS TOKEN received from the POST request to external-api, when redirecting back to index.html.

So, assuming the only place you need to hide the token is during header("Location: index.html?token=".$token);, then you can use $_SESSION['token'] = $token, then just use header("Location: index.html"); and retrieve $_SESSION['token'] during the request to index.html.

Also, you could map the ACCESS TOKEN to an internal code, & pass the internal code to the user. That way, the user could not directly request user information from external-api.

You might be interested in https://stackoverflow.com/questions/5576619/php-redirect-with-post-data/55852737#55852737, where I further detail the $_SESSION approach.
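
A sketch of the $_SESSION handoff described in this answer, added here as an example and not part of the original answer. The function names and the index.php landing page are hypothetical; it assumes the landing page is served through PHP, because a static index.html cannot read $_SESSION, and that $token has already been obtained by the POST to external-api.com.

```php
<?php
// Added example: session-based handoff for auth.php (constructed for illustration).
declare(strict_types=1);

// Harden the session cookie before the session starts.
function start_secure_session(): void
{
    session_set_cookie_params([
        'httponly' => true,   // index.js cannot read the session id
        'secure'   => true,   // cookie is only sent over HTTPS
        'samesite' => 'Lax',  // still sent on the top-level redirect back from the provider
    ]);
    session_start();
}

// auth.php: call once the POST to external-api.com has returned $token.
function finish_login(string $token): void
{
    session_regenerate_id(true);    // fresh session id after login, drops any pre-login id
    $_SESSION['token'] = $token;    // the access token stays on the server
    header('Location: index.php');  // no ?token=... in the URL, history, Referer or access logs
    exit;
}

// Landing page (hypothetical index.php): read the token, or null when not logged in.
function current_token(): ?string
{
    $token = $_SESSION['token'] ?? null;
    return is_string($token) && $token !== '' ? $token : null;
}

// Landing page: send the browser to auth.php when no token is in the session.
function require_login(): string
{
    $token = current_token();
    if ($token === null) {
        header('Location: auth.php');
        exit;
    }
    return $token;
}

// Usage in auth.php:   start_secure_session(); finish_login($token);
// Usage in index.php:  start_secure_session(); $token = require_login();
```

With this layout the browser only ever holds the session cookie, so index.js has no token to look up in local storage and relies on the server-side check instead.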

huangapple
  • Published on May 24, 2023 at 22:38:26
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76324712.html