PLEASE NOTE: These forums are no longer utilized and are provided as an archive for informational purposes only. All support issues will be handled via email using our support ticket system. For more detailed information on this change, please see this blog post.

POST Redirect with Nonces

Gravity Support Forums » General » Feature Requests

  1. ronalfy
    Member

    This is two feature requests wrapped into one...

    1st, I noticed that GF has a nice GET redirect where you can build your own query. However, passing GET data to a redirect page and having that data parsed is unsecure since the referrer can't be checked easily.

    It would be "real nice" (perhaps this is added, but can't find it?) if we could build POST variables and have these submitted to a redirect page.

    Which brings me to my second feature request.

    2nd, I propose adding a special hidden field for nonces. Allow the user to add the string for the nonce, that way the user can check the referer when parsing the passed data.

    Ronald

    Posted 14 years ago on Saturday January 30, 2010 | Permalink

  2. Carl Hancock
    Administrator

    Very good ideas Ronald.

    We actually were going to enable posting of data when we initially implemented the redirection functionality, however we went with GET at the time as it would be easier for people to use for simple tasks. But I agree that POST is something we should add as the security issues need to be taken into account as you pointed out.

    Thanks for the great ideas, keep them coming!

    Posted 14 years ago on Sunday January 31, 2010 | Permalink

  3. bizingenuity
    Member

    Was POST ever enabled? Is there any way to do this?

    Posted 13 years ago on Wednesday March 23, 2011 | Permalink

  4. Carl Hancock
    Administrator

    No, the confirmation redirect only does a redirect and passes the data via query strings. It isn't technically a GET because it's a redirect, but the data can be accessed like a GET because it's in the query string.

    If you want to post the data to a 3rd party service when the form is submitted you would have to write custom code and use the gform_post_submission hook to customize it to do whatever you want. Documentation for that hook is here:

    http://www.gravityhelp.com/documentation/page/Gform_post_submission

    Posted 13 years ago on Wednesday March 23, 2011 | Permalink