--- Raditha Dissanayake <[EMAIL PROTECTED]> wrote: > It's not often that i disagree with the other chris but one occaision > where meta refresh turns out to be the only solution is when working > with some payment gateways where instead of doing a simple old post to > your return page they include it inside their own thank you page so the > headers will not work. > > Lame? well some of the best known gateways are doing it.
You're right, but I don't think this means that we must disagree. :-) In my opinion, this simply falls into the narrow category for which the http-equiv attribute was created. If you want to specify an HTTP header in the content, it's your only option. This is such a case. Because the payment processor is the one acting as the Web client, it is they who receive your HTTP response. They only display the content of this response to the end user, so any headers you set are probably discarded (or maybe the payment processor is redirected?). However, this has lead to people using this same approach in the 99% of situations where it is not necessary. If the user's Web client is receiving your HTTP response in its entirety (the usual situation), you can set any HTTP header you want the "right" way. I don't have the URL handy, but there is a site somewhere that has been conducting extensive tests to determine which headers have good http-equiv support among various browsers. While Refresh is pretty well supported, other headers are not, and the most consistent support for any header definitely lies with it being sent within the protocol where it is intended. Hope that helps. Chris ===== Chris Shiflett - http://shiflett.org/ PHP Security - O'Reilly Coming mid-2004 HTTP Developer's Handbook - Sams http://httphandbook.org/ PHP Community Site http://phpcommunity.org/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
