Possibly off topic but I am not sure....
I have a page that contains a payment button for paypal which is essentially a form
that gets POST'ed to paypal's https server.
I would like to do some processing on my end when the user clicks on that form.
My config is Apace 1.3.2x, MP 1.2x, Apache::Registry (all very recent but don't have
the numbers handy here).
My idea is to replace the action on the form to point to my (non-https) web server, do
my processing, and then redirect the request to paypal via 307.
My research seems to turn up that the appropriate RFC says the browser "MUST" confirm
such a redirect with the user, which is no good for me on the server end (although I
understand why on the client side).
I don't want to proxy the paypal server because:
- it seems like a security issue, even if I use https
- it probably violates paypal TOS
If it doesn't violate the TOS, I suppose I could just proxy the PayPal landing page
and let paypal handle it from there. But I am hoping for a easier solution... any
ideas?
I am looking into the more advanced paypal instant notification stuff for the next
version of my sw, but version one is using a simpler approach to get it out the door.
Even that paypal sw wouldn't solve my problem, which is to make sure that the POST to
paypal actually matches the transaction that the user has built up.
GV
