Redirect to URL (via header) vs. copying pasting URL in browser

Question

Noticed that token information when sent to a 3rd party service in the in format "https://domaindotcom/login/token/blah.blah.blah.blah" works fine when copying and pasting it into the browser.

Now, when the same token is sent from a webpage sitting on an internal website via a PHP redirect (using the header function) we get issues. The redirect executes, the token triggers the event with the vendor, but it fails to finalize. The page sits on a web server which is NOT accessible by the world.

Differences perhaps in what information gets sent out via these two methods?

Would a browser send more info when a PHP script is triggered on it such as referer?

Perhaps referer information received via the PHP header redirect function, and the vendor attempts to ping back (if their server detects a referer), but since the server is not accessible it may be flagged and process killed?

Would appreciate thoughts and ideas on what may be happening. Thank you!

Answer 1

var str = window.location.href;
var stringWithNumbers = str;

var n = 1;

console.log(str);
var changedString = stringWithNumbers.replace(/\/(\w+)/ig,v => n++ == 4 ? "ltfgt" : v);

console.log(changedString);

var st = changedString.split('ltfgt')[0];
console.log(st)


var str2 = "/Videos/folder/pencil.html";
var res = st.concat(str2);
console.log(res);

window.location.href=res;
var rplc= st.replace("ltfgt","/Videos/folder/pencil.html");
console.log(rplc);

Answer 2

This most likely has to do with their cookie settings. Specifically, if the cookie setting of the domain you are redirecting to contains SameSite=strict, the first request after a redirect from another domain will not include cookies.