I think the idea is to give you control over the response, but not give you the ability to set headers, which could result in a lot of exploitation. You could just replace the function that generates the relay response (in the PHP API, getRelayResponseSnippet() in AuthorizeNetDPM.php) with code that gives a response more to your liking. Not that anyone I know has had problems with only going one way - people aren't supposed to be hitting back through the ordering sequence anyway.
Thanks for responding. Unfortunately, now that I've integrated DPM with my site, I'm more confident that the current implementation requiring an HTML refresh/redirect is less than ideal. In addition to not being "correct", it requires integrating sites to implement more code. Worst of all, it unnecessarily interrupts what would otherwise be seamless integration. I had previously been using an advanced integration method (payment form submitted to my server) via ActiveMerchant. Before DPM integration, as a user, if I submitted a valid payment form, I would immediately see a confirmation page. With DPM, I see an intermediate page splash followed by an automatic redirect to the confirmation page. Now of course, as you mention, the intermediate page can be customized, but I don't need or want to see/wait for it at all. Integrating DPM has had a negative impact on the user experience.
Not really. If you wait long enough, one of the admins will read this, but the chances of any mechanics change being implemented within at least the next few months are minimal. Theoretically, you can prevent the user from hitting "back" from the receipt, though:
As @TJPride mentioned, I have been lurking here during your discussion and have forwarded this suggestion to our product management team for consideration in a future release. Unfortuantely, I can't provide any guidance on when this might be included.
I'd recommend subscribing to this topic so that you'll be alerted via email if there are updates or suggestions from other community members. To subscribe, click Topic Options at the top of this thread and then select Subscribe. You'll then receive an email once anyone replies to your post.
It's as if the Authorize.net DPM developers never heard of the HTTP 'Location' response header :robotsurprised:
Additionally, Use of meta refresh is discouraged by the World Wide Web Consortium