Can i use POST requests from other site to post data in database? Or my site/account will get banned for that?
hello
sub(domain) or?
you will probably be prevented/blocked by this
https://infinityfree.net/support/javascript-error-using-api-or-mobile-android-app/
Just completely another domain and site. I wanted to use tampermonkey script on this site and store necessary information in database, to check it out later.
@MrJunior said:
Just completely another domain and site. I wanted to use tampermonkey script on this site and store necessary information in database, to check it out later.
Your account won’t get banned, but due to the security system @OxyDac already linked you will not be able to use your website here as a data store for an external application.
@Admin said:
@MrJunior said:
Just completely another domain and site. I wanted to use tampermonkey script on this site and store necessary information in database, to check it out later.Your account won’t get banned, but due to the security system @OxyDac already linked you will not be able to use your website here as a data store for an external application.
hm, but you can check my account, i already tried to do stuff like that and it worked fine. If i won’t get banned for that i can continue?
HI 
you say
website A writes something in DB on Website B
and browser is not included - all information is transferred without browser
(I mean strictly to transfer information not to the interface)
where is the DB stored? here on Infinity?
please write PoC (step by step) if you have time
but please do not post it here
because if that is true - then it is not for the public eye
admin will probably tell you to send it to the official if. mail
P.S. if you put the pictures in attach. then say that in a mail so that admin can look at another mailsys that supports the images.
thank you for your time
Didn’t get where to have i write it? DM’s? Email?
thanks for your reply
The admin is probably busy but as soon as he comes he will decide what is the next step
@MrJunior said:
@Admin said:
@MrJunior said:
Just completely another domain and site. I wanted to use tampermonkey script on this site and store necessary information in database, to check it out later.Your account won’t get banned, but due to the security system @OxyDac already linked you will not be able to use your website here as a data store for an external application.
hm, but you can check my account, i already tried to do stuff like that and it worked fine. If i won’t get banned for that i can continue?
I’m not 100% sure what exactly you’re doing, but if it works, it works and you’re good to go. Just don’t overload the servers or do bad stuff with it.
Didn’t do anything last time, I’ll write here when I’ll realize that again.
Okay, that probably won’t overload anything, pretty ordinary one.
Actually did that. You can check php file in error directory on mine main site.
So will you do something with that thing?
Hope that doesn’t overload servers and isn’t such a problem?
@MrJunior said:
So will you do something with that thing?
Hope that doesn’t overload servers and isn’t such a problem?
Do what with what thing? I’m sorry, but I don’t understand what you’re asking.
Is this ‘issue’ okay?
@MrJunior said:
Is this ‘issue’ okay?
I’m sorry, but I still don’t understand. What issue? The security system? The security system is still protecting our servers and the websites on it, so I’d say it’s doing OK. Can’t say the same for applications which cannot be used because of the security system.
I mean this thing which i use to put in database information from other domain. I thought it’s kind of not allowed method… Anyway if that okay, i have another stupid question: i probably not allowed to share information from database via site(kind of api)
@MrJunior said:
I mean this thing which i use to put in database information from other domain. I thought it’s kind of not allowed method… Anyway if that okay, i have anotherstupidquestion: i probably not allowed to share information from database via site(kind of api)
The security system works by essentially blocking all automated access to your account. You cannot access code or data on your hosting account from anything other than a web browser.
It doesn’t matter whether you try to push or pull data from your account. Access is blocked before that distinction becomes relevant.
So it’s allowed to share data in json format e.g? And only browsers can access it, so i can share data between different sites/hostings?
@MrJunior said:
So it’s allowed to share data in json format e.g? And only browsers can access it, so i can share data between different sites/hostings?
I think JSON Call is not allowed if you want to access your site from other site then RSS feed is on the best ways!
@MrJunior said:
So it’s allowed to share data in json format e.g? And only browsers can access it, so i can share data between different sites/hostings?
To repeat: automated access is blocked by the hosting servers before it ever hits your website code. It doesn’t matter whether you use GET, POST, PUT, PATCH or DELETE calls, and it doesn’t matter whether you use HTML, URL Encoded Form, XML (including RSS), JSON, Multipart Form, Key-value, YAML or any other data format.
From the article:
Due to this system, the following website features are not supported.
- AJAX requests from other websites. AJAX requests are only possible on the same (sub)domain.
- Hotlinking and embedding images and other (static) files on other websites.
The security system makes it impossible to automatically share data between websites, hostings and applications. Any HTTP call without a valid cookie will return a HTTP 403 response with a Javascript challenge you need to complete. Browsers handle this automatically and transparently, but PHP scripts, mobile apps and other non-browser applications won’t.
Note that browsers will only complete this challenge if the domain name in the URL bar matches the URL the browser should request the data from. Browser security features prevent script execution from other domains. You cannot even share data across domain names on the same account.
It’s not like you’re not “allowed” to share data. We won’t take down your accounts if you try it. But you’re just unable to.
If you have any other ideas on what might be allowed, try it! If you can make it work, it’s allowed. If it doesn’t, then we’ve likely blocked it.