I have two different apps hosted under two different domains.
Once the user is logged in app 1 (hosted on aws) and click on the "my profile" button, he/she is redirected to a html page that contains an ajax form.
This ajax form makes a request to app 1's backend and the backend responds with a html form already filled with the infos needed to send the user logged to app 2 (hosted on IIS). This html response also contains a <script> tag with a .submit() function to automaticaly submit the form.
The ajax then place this html form inside a given <div> and the form is submited to app 2.
The problem is that the submition of the form is being blocked... I doesn't say why, but in the browser's Network tab, the status appears as "canceled".
I can imagine that the issue might be related to CORS, but I'm not sure since it doesn't give the cors error explicitly.
Also, it works when running app 1 in localhost.
Edit:
It seems that is not the form submition that is being blocked, but maybe the ajax request to the api asking for the form or the api response containing the form... I'm not sure.
At first, when the ajax request POST to the api, the Network tab shows this (image 1).
Then, when I get the canceled/blocked error, it shows this (image 2)
Related
I have a chrome extension that runs on YouTube. I want to be able to trigger the subscribe button click from javascript using a POST request.
I have been able to extract the POST request URL when a user clicks the Subscribe button (using the chrome network screen)
I have then used this URL in my own POST request and I get a 400 error and a response saying "Precondition check failed"
Now when I check the difference between my POST request and the POST request from the user interface(Clicking Subscribe button). I found that my request is specifying that it is an XMLHttpRequest. Whereas the user interface version has a lot of Tokens and auth elements to it.
Is it possible to actually mimic the POST request of a subscribe click? I am not looking for a workaround, I would just like to know if it is possible and how it can be done.
Thanks
Short:
Is there a way to send POST data from a intermediate PHP page to another resultant page?
Long:
I have a page, let's say A.php where a form is present. The data is filled in the form, and send through POST to another page B.php
B.php checks the value and finds that the value entered is not correct (form validation). We redirect back to A.php with message "Invalid"
Right now I am sending data like this:
header("Location:A.php?msg=Invalid");
But I want to hide the msg part in URL from the user, by sending it in POST method or so.
I am not forced to use any particular method. This is just a project I am working on. So, please enlighten me.
So far I came to know that there is no way we can do that using header in PHP.
A better way to do this is to always post back to the same page. If there is an error you can then just display it without needing to redirect.
If there is no error then redirect to a results/response page.
The advantages of this are:
No need to send data that may be private through a redirect
If there was an error then refreshing the POST will continue to fail and will continue to only show the error message and allow the user to correct their mistake
If there was no error then the redirect will remove the POST operation and replace it with a new GET operation.
Refreshing the result page will not produce another POST operation, which might cause a problem with your data/database.
Example of what happens:
So first the browser sends a GET request for a.php.
On Form submission the browser sends a POST request for a.php.
If the code for a.php detects an error it just re-renders the same page with the form tags filled in with the POST values.
If the code for a.php does not detect an error then it does whatever it needs to do to save the data and then sends a redirect request for b.php.
The browser sends a GET request for b.php and removes the a.php from its history.
b.php displays some kind of thank you note or confirmation.
I have a Django form, which sends the form data to an external source(to be more precise, it is a PayPal payment form). The user enters the price for the product, clicks on the button and the POST request is send to PayPal triggering the normal payment process.
Now I want to use OTP (like Google Authenticator) to validate each payment.
How should the validation be realized? I thought of several scenarios, but none of them is really satisfying:
Should I send the request first to my site, validate the OTP and then redirect the User to the PayPal site with the data via a POST request, coming with the request? Problem: POST requests are not meant to be redirected and I don't know, how to realize it in django.
Should I write JavaScript code, which sends an ajax request to my site, and "activates" the form on success? Problem: smarter users could just activate the form from the browser console, without sending the ajax request. Does anybody know some kind of activation trick in JavaScript, which is not "hackable"
I would be glad to hear some more solutions from you or some suggestions, how the solutions above could be realized without the problems mentioned.
EDIT - My Solution so far:
I have done a work around and split the form in two. The first form checks the OTP and sends the data to my internal django view. It also creates a model instance with an generated invoice, which can then be checked in the PayPal IPN routine. The second form is a PayPal payment form, which sends the POST request to PayPal. You can find the simplified code in the following Github-Gist:
https://gist.github.com/BloodyD/2cd15f38d0f666cf3a73
First method - normal redirection after POST:
I don't know why do You think that there shouldn't be any redirect after POST request? In django it happens all the time, without that each page refresh directly after adding something to database will trigger adding it one more time.
To redirect user into proper paypal page, you can just send HttpResponseRedirect instead of normal response when form is submitted with valid form data. If not, display some error messages.
2nd solution: using javascript.
You can send url to redirect to (paypal url) in AJAX response, so user won't be able to bypass this. Simply put some form submitted by AJAX, if it returns URL to redirect, just redirect user. If not, display error message.
I know its a basic question and it is been asked for several times but i was not able to understand it.
I was using a html webpage with some input fields and submit button when the submit button is pressed the post is done through XMLHttpRequest and CGI script is called. In cgi script the authentication is checked with the value in the file of server.
The problem is that if the authenication is false i want to redirect the browser to the xmltest.shtml for this i have written in the CGI:
if($isauthenticated == 0)
{
print "Location: http://xmltest.shtml\n\n";
}
But when this cgi is called in return the get is called with the xmltest.shtml page but the browser is not redirected.
It means that if I check in the Firebug console the get request is seen by me for the xmltest.shtml but the browser page is not redirected to the xmltest.shtml it remains to the same page.
You can't cause the page to redirect that way. When you use XMLHttpRequest, you are sending the redirect header to the XMLHttpRequest client, which runs in the background. You will successfully redirect that client, but it will not affect the page on the screen.
If you want to redirect the actual browser page in response to an XMLHttpRequest session, you will need to write some JavaScript to capture the error condition and redirect the browser by updating the value of document.location.href.
If you're using an AJAX framework like jQuery, there is an error callback available in the ajax method which will get executed if your failed request returns an HTTP 403 or similar.
I have 2 pages, a static html page and a python script - hosted on [local] google app engine.
/html/hello.html
define as login: required
/broadcast
which is a python script
when I access hello.html for the first time I am redirected to login page, I sign in, and then redirected back to hello.html.
inside hello.html - an AJAX call with jQuery is executed to load data from '/broadcast', this call errors saying 'you're not logged in'!
BUT - the same call to '/broadcast' through the browser address field succeeds as if I AM signed in!
as if the ajax and the browser callers have different cookies!??
HELP, am I going bananas?
Stupid me...
The ajax call was to localhost/broadcast
and the browser address field was 127.0.0.1/broadcast
...
the cookies for "different" domains ('127.0.0.1' != 'localhost') are not shared ofcourse...
Then I haven't gone mad...