I'm trying to submit a payment to a site and I need to get a returned Location header. I have tried allow_redirects=False
but I'm not getting the header returned. Most of the posts are with a session so I have tried both the session and just requests.
Returned Headers:
{'Allow': 'HEAD, GET', 'Content-Length': '0', 'Server': '', 'Expires': 'Wed, 13 Apr 2022 01:34:32 GMT', 'Cache-Control': 'max-age=0, no-cache, no-store', 'Pragma': 'no-cache', 'Date': 'Wed, 13 Apr 2022 01:34:32 GMT', 'Connection': 'keep-alive', 'Server-Timing': 'cdn-cache; desc=MISS, edge; dur=11, origin; dur=7', 'Strict-Transport-Security': 'max-age=31536000 ; includeSubDomains'}
Chrome Headers:
cache-control: max-age=0, no-cache, no-store
content-length: 0
date: Wed, 13 Apr 2022 00:48:21 GMT
expires: Wed, 13 Apr 2022 00:48:21 GMT
location: https://www.bigw.com.au/checkout/webpay/success?dts_reference=5000000315110950
pragma: no-cache
server-timing: cdn-cache; desc=MISS
server-timing: edge; dur=11
server-timing: origin; dur=197
set-cookie: AKA_A2=A; expires=Wed, 13-Apr-2022 01:48:21 GMT; path=/; domain=payments.woolworths.com.au; secure; HttpOnly
strict-transport-security: max-age=31536000 ; includeSubDomains
My Code:
headers = {
'authority': 'iframe.payments.woolworths.com.au',
'method': 'POST',
'path': '/WOWPaymentService/webservice/continueSecureData',
'scheme': 'https',
'accept': 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9',
'accept-encoding': 'gzip, deflate, br',
'accept-language': 'en-GB,en;q=0.9',
'cache-control': 'max-age=0',
'content-length': '147',
'content-type': 'application/x-www-form-urlencoded',
'dnt': '1',
'origin': 'https://iframe.payments.woolworths.com.au',
'referer': link_full,
'sec-ch-ua': '" Not A;Brand";v="99", "Chromium";v="100", "Google Chrome";v="100"',
'sec-ch-ua-mobile': '?0',
'sec-ch-ua-platform': '"Windows"',
'sec-fetch-dest': 'iframe',
'sec-fetch-mode': 'navigate',
'sec-fetch-site': 'same-origin',
'sec-fetch-user': '?1',
'upgrade-insecure-requests': '1',
'user-agent': 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.88 Safari/537.36'
payload = {
'card_number': '4007000000027',
'exp_month': '04',
'exp_year': '2023',
'cv2_number': '456',
'HPS_SessionID': str(link),
'issue_number': '',
'action': 'confirm'
r = requests.post("https://iframe.payments.woolworths.com.au/WOWPaymentService/webservice/continueSecureData", allow_redirects=True, verify=False, json=payload, headers=headers, timeout=10)
Sorry, it's tabbed over 😂
Any help is appreciated!
The documentation advises you to consult r.history
rather than r.url
Also, when you had allow_redirects=False
I assume you verified that r.status
was 301 or 302?
You should be able to chase the redirect at app level.