Use redirect in onAjaxRequest method component class

Hello,

I’m trying to redirect to 403 in an onAjaxRequest method in a component class:

public function onCreateVoteEntry()
    {
        $formData = \Input::post();

        ...

        // captcha
        if ($formData['captcha'] !== Session::get('captchaName')) {
            // change captcha on fail
            $resetCaptchaResult = $this->gobCaptchaChangeChosenNameFail();
            if ($resetCaptchaResult === 'goto403') {
                return Redirect::to('/403');
            }
            return [
                'gobCaptchaImagePath' => $this->generateCaptchaTextStore(),
            ];
        }

        ...
}

What happens is, that the component method returns the intended URL to the frontend JS.

I checked out the rainLab user Account.php, but didn’t get any smarter:

This is my next attempt:

if ($resetCaptchaResult === 'goto403') {
    $forbiddenUrl = url('403');
    header('Location: ' . $forbiddenUrl, true, 302);
    exit();
}

But again, the whole 403 page markup is sent to FE.

Of course I’d be able to redirect in JS, but I want to make an own captcha for bot protection and I rather redirect to real 403 page with PHP.

Try returning a Redirect response object from the AJAX handler. For example:

return Redirect::to(url('403'));

Hey @daftspunky

Thanks for your suggestion, but if I do that, then the URL of the redirect gets sent to the JS, where I do my form request.

Maybe I forgot to mention, that I do the form request in JS:

oc.request('#gob-form', 'onCreateVoteEntry', { ...

I’m not sure I’m following, but to return the URL instead

return ['redirect' => url('403')];

Then you can access it via the response data.

I’m sorry for the insufficient description.

Yes, this will work. Thanks!

I was thinking, it would be saver to implement a PHP redirect instead of a JS redirect. I’m working on my own captcha and I thought, if a user would make too many wrong captcha posts, then I should redirect with PHP. But actually it’s a bot protection anyway and if the bot just gets the 403 URL back after some fails, that’s totally fine.