A common method that Payment Gateways work is this:
- I post the amount and other secure details to the Gateway URL
- The Gateway then claims to POST to my return/callback URL with the transaction outcome
In this scenario, I have a question: How does the Gateway POST to my URL but display the result of the POST in my browser rather than their POST’ing code? Are they doing the POST with a Redirect to my URL (which I think is not possible according to the HTTP spec)?
The only other way I can think of is that they send the payload with a GET that includes Javascript that POSTs locally once it reaches my server. This too is unlikely since it works even when I disable Javascript
Would really appreciate an explanation of how they do it