发布从一个HTTPS一种形式到另HTTPS站点造成安全警报 [英] posting a form from one HTTPS to another HTTPS site causing security alert
问题描述
我需要从一个.NET网站,以便在同一台服务器(不同的虚拟目录)上承载的经典ASP网站张贴的字符串。
I need to post a string from a .NET site to a Classic ASP site which are hosted on the same server (different virtual directories).
HTTPS://example.com/DOTNETSite/Sender.aspx
https: //example.com/DOTNETSite/Sender.aspx
到
HTTPS://example.com/ClassicASP/SomeFolder/Target.asp
https: //example.com/ClassicASP/SomeFolder/Target.asp
Target.asp页面有3种方式处理传入的数据:
Target.asp page has 3 ways to handle incoming data:
- 表单提交
- 查询字符串
- 标题
我无法通过我的数据查询字符串。这样的选择是出来。我通过在服务器端建立一个形式和吐出的JavaScript code做了form.submit尝试表单POST()方法。但是,这是造成Internet Explorer中抛出一个安全警报的用户。我们希望避免这种情况。请让我们知道了什么是克服这种情况的最好办法。由于一吨。
I cant pass my data in query string. so that option is out. I am trying the Form post method by building a form on the server side and spitting out javascript code to do a form.submit(). But this is causing a internet explorer to throw a Security Alert for the user. We want to avoid this. Please let us know what is the best way to overcome this situation. Thanks a ton.
推荐答案
现在你正在做的:
你的服务器---->客户端/浏览器---->他们的服务器
your server ----> your client/browser ----> their server
相反,你应该使用:
你的服务器---->客户端/浏览器---->你的服务器---->他们的服务器
your server ----> your client/browser ----> your server ----> their server
这是(如果它不够清晰),使它的形式发送到您自己的服务器。
如果您的服务器接收的形式,就应该将其发送到目标服务器。
That is (if it wasn't clear enough), make it send the form to your own server. When your server receives the form, it should send it to the target server.
在基本层面上,这个作品。然而,如果用户是应该被记录在第二服务器等上可能得到的问题。
On a basic level, this works. However, you may get issues if the user is supposed to be logged in on the 2nd server etc.
我会尽力来说明PHP的例子:
I'll try to illustrate an example in PHP:
文件: form.html 的
<form action="send.php" method="post">
....
</form>
文件: send.php 的
<?php
$url='https://example.com/ClassicASP/SomeFolder/Target.asp';
// create new cur connection
$ch=curl_init();
// tell curl target url
curl_setopt($ch, CURLOPT_URL, $url);
// tell curl we will be sending via POST
curl_setopt($ch, CURLOPT_POST, true);
// tell it not to validate ssl cert
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
// tell it where to get POST variables from
curl_setopt($ch, CURLOPT_POSTFIELDS, $_POST);
// make the connection
curl_exec($ch);
// close connection
curl_close($ch);
?>
这篇关于发布从一个HTTPS一种形式到另HTTPS站点造成安全警报的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
