Can I do a non-hostile cross-domain POST now?

Just tried this out, and yes, it completely works:

http://www.alphasmanifesto.com/tests/testPostSender.php (Test page not active anymore.)

Source code for sender:

<html>
    <body>
        <form method="POST" action="http://www.automatumvitae.com/testPostReceiver.php">
            <input type="text" name="text" />
            <input type="submit" />
        </form>
    </body>
</html>

Source code for receiver:

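<html>
    <body>
        <p><?php
            if (isset($_POST['text']) && is_string($_POST['text'])) {
                // Escape the submitted value before echoing it into the page.
                $text = htmlspecialchars($_POST['text'], ENT_QUOTES, 'UTF-8');
                echo "Succeeded! Submitted value: $text";
            } else {
                echo "Didn't receive anything. :(";
            }
        ?></p>
    </body>
</html>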

As a side note, this has been tried on two different domains under the same server. It is a cross domain post but they both point to the same IP. (I don't think it should affect anything, though.)

I tried this out on FF and Chrome and haven't found a single issue.

Author: kojiro

Updated on September 18, 2022
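
The test in the answer shows that the browser submits a cross-domain form POST without objection, so deciding which sites may submit is left to the receiver. As an added example (not part of the original answer), here is a receiver-side check that accepts the POST only from an allowlisted origin. The function names and the allowlist are assumptions, and the sample requests are constructed.

```php
<?php
// Added example, not from the original answer. Allowlist assumed for illustration:
// the sender host from the answer's test is the only site allowed to POST here.
const ALLOWED_ORIGINS = ['http://www.alphasmanifesto.com'];

// Reduce an Origin or Referer value to scheme://host[:port]; null if unusable.
function normalize_origin(?string $value): ?string
{
    if ($value === null || $value === '' || $value === 'null') {
        return null; // missing header, or the opaque "null" origin
    }
    $p = parse_url($value);
    if ($p === false || empty($p['scheme']) || empty($p['host'])) {
        return null;
    }
    $origin = strtolower($p['scheme']) . '://' . strtolower($p['host']);
    return isset($p['port']) ? $origin . ':' . $p['port'] : $origin;
}

// True only for a POST whose Origin (or, if Origin is absent, Referer) is allowlisted.
function is_allowed_cross_site_post(array $server, array $allowed): bool
{
    if (($server['REQUEST_METHOD'] ?? '') !== 'POST') {
        return false;
    }
    $source = array_key_exists('HTTP_ORIGIN', $server)
        ? normalize_origin($server['HTTP_ORIGIN'])
        : normalize_origin($server['HTTP_REFERER'] ?? null);
    // Exact comparison, never a prefix or substring test, so a host that merely
    // starts with the allowed name does not pass.
    return $source !== null && in_array($source, $allowed, true);
}

// Constructed requests shaped like $_SERVER; a real handler passes $_SERVER itself.
$post = ['REQUEST_METHOD' => 'POST'];
$samples = [
    'allowed origin' => $post + ['HTTP_ORIGIN' => 'http://www.alphasmanifesto.com'],
    'lookalike host' => $post + ['HTTP_ORIGIN' => 'http://www.alphasmanifesto.com.lookalike.example'],
    'referer only'   => $post + ['HTTP_REFERER' => 'http://www.alphasmanifesto.com/tests/testPostSender.php'],
    'no headers'     => $post,
];
foreach ($samples as $label => $server) {
    $ok = is_allowed_cross_site_post($server, ALLOWED_ORIGINS);
    printf("%-15s %s\n", $label, $ok ? 'accept' : 'reject');
}
```

In the receiver, the check would run on `$_SERVER` before the form is processed, with a 403 response when it returns false.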

Comments

  • kojiro over 1 year

    One requirement for a site I'm working on calls for visitors to be able to sign up for an email list. Rather than add server-side handling for this otherwise static site, I would like to POST from the email signup form to another server (owned by the same client) that already has an email signup handler on it.

    But that server is on a different domain, so I expect some resistance from UA CSRF protections, but I don't know exactly what to expect. (There is practically no JS involved with this, just cross-site POSTing.)

    1. Is what I want to do possible at all, or do I need to iframe the email signup form from server #2?
    2. If it is possible, what kind of problems can I expect to face, and how should I overcome them?
    • kojiro over 12 years
      PS – CSRF doesn't seem to be a tag, and I don't have the cred to add it. XSS is related, so I used that, but it's not the tag I really would've chosen.