Error Message
When I validate a form from another domain, the _POST data disappeared. How can I send this data ? PS: Sometimes this data are big so I can’t use GET.
Other Information
How can I send data from another domain to my website ?
When I validate a form from another domain, the _POST data disappeared. How can I send this data ? PS: Sometimes this data are big so I can’t use GET.
How can I send data from another domain to my website ?
Using an HTML form?
Can you share the front end and backend code you have?
Front:
function sendToServer(playlist_txt, listID, nb) {
// Créez un formulaire dynamiquement
var form = document.createElement('form');
form.method = 'POST';
form.action = 'https://yt.mi.42web.io/add.php';
// Ajoutez les champs et leurs valeurs
var champ1 = document.createElement('input');
champ1.type = 'hidden';
champ1.name = 'playlist';
champ1.value = playlist_txt;
form.appendChild(champ1);
var champ2 = document.createElement('input');
champ2.type = 'hidden';
champ2.name = 'nb';
champ2.value = nb;
form.appendChild(champ2);
var champ3 = document.createElement('input');
champ3.type = 'hidden';
champ3.name = 'listID';
champ3.value = listID;
form.appendChild(champ3);
var champ4 = document.createElement('input');
champ4.type = 'hidden';
champ4.name = 'name';
champ4.value = document.title;
form.appendChild(champ4);
document.body.appendChild(form);
form.submit();
}
Back:
var_dump($_POST);
Return:
array(0) => {}
You need to investigate if the javascript code even works at the first place.
CORS might be an issue when trying to post things to a different domain. A Content Security Policy might also prevent it. Finally, free hosting has a security system that blocks many cross domain things: Ensuring only web browsers can access your website
And that’s all assuming your code is correct. Because I’ve personally never thought of using DOM manipulation to construct a POST request.
The first thing I would do is to open the Network tab in my browser’s Developer Tools to make sure that:
Post data are correctly send but after the ?i= redirection, there are not re-send… -_- It’s sad because this security system limit our possibilities… Is there any way to the server re-send the post data after a ?i= redirection ?
I don’t think so. I can’t think of any workaround to this particular issue that could be applied here.
To make your project succeed, I can offer a few suggestions:
How the security system makes the difference between a request from the same domain and a request from another domain ? Because maybe with a chrome extension we can say to the server “hey ! It’s ok ! I’m from the same domain”
Because that’s how CORS works. A policy is defined at a single protocol
://domain
:port
https://fetch.spec.whatwg.org/#cross-origin-resource-policy-header
https://fetch.spec.whatwg.org/#cors-protocol-and-credentials
It works through cookie isolation. When you first visit any site hosted here, the security challenge will set a cookie in your browser valid for that specific domain. So if you are viewing mi.42web.io
, then the cookie will only be valid for mi.42web.io
. If you then try to navigate to yt.mi.42web.io
, then the same cookie is not sent, and the security challenge is presented again.
I’m not familiar with the exact APIs available to browser extensions and if you can copy cookies between domains. Maybe it’s possible, but having to use a browser extension so you can spread a website across multiple subdomains seems like a pretty impractical and cumbersome solution to me.
It’s possible between a base domain and a subdomain.
It’s also possible to copy cookies between different base domains, but that’s diasbled by modern browsers by default, and Chrome is dropping support for it in the latest version.
This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.