HTML 表单 POST 跨域 [英] HTML Form POST Cross Domain
问题描述
我有一个非常简单的 HTML 表单,它使用 POST 并且它的操作在我的 Web 服务器上调用一个 PHP 脚本.
I have a very simple HTML form that uses POST and its action calls a PHP script on my web server.
这是关键...包含表单的 html 不在同一台服务器上,而是存在于不同的域中.在不解释这个问题的情况下,出于商业原因必须这样做.它们需要存在于这些特定域中.
Here is the kicker... the html that contains the form isn't hosted on the same server and exists in a different domain. Without bogging down this question with explanation this has to be done for business reasons. They need to exist within these specific domains.
当我提交表单时,我正确访问了 PHP 脚本,但随后我尝试拉出 POST 数据,但它消失了.我认为这是一个安全问题,因为我暂时将表单与 PHP 放在同一台服务器上并且运行良好.
When I submit my form I access the PHP script correctly but then I try and pull out the POST data and it is gone. I'm thinking this is a security problem because I temporarily put the form on the same server as the PHP and it worked fine.
有什么方法可以让我在两个独立的域中使用它?提前致谢.
Is there a way that I can get this to work with the two separate domains? Thanks in advance.
PHP 代码 (emailTemplate.php):
PHP Code (emailTemplate.php):
<?php
var_dump($_POST);
?>
HTML 表单:
<form name="emailForm" id="emailForm" method="post" onsubmit="return beforeSubmit();" action="https://***.***.com/emailTemplate.php">
<textarea rows="15" cols="75" id="myHtmlText" name="myHtmlText"></textarea>
<input type="text" id="toAddr" name="toAddr" size="60"/>
<input type="text" id="fromAddr" name="fromAddr" size="60"/>
<input type="text" id="subjectLine" name="subjectLine" size="60"/>
<input type="submit" name="Submit" value="Email Letter">
</form>
推荐答案
如果您只是在 IE 中遇到此问题,则可能是他们的 XSS 过滤器造成的.这篇文章 提供了禁用它的详细信息.
If you're only experiencing the issue in IE, their XSS filter may be to blame. This article provides details for disabling it.
要完全避免此问题,请尝试将您的表单发布到服务器上的 PHP 脚本,并在该脚本中创建一个将表单发布到其他脚本的 cURL 会话.XSS 事务独立于客户端的 Web 浏览器发生,从而在此过程中避免了这些基于浏览器的安全限制.
To avoid this problem entirely, try posting your form to a PHP script on your server, and in that script, create a cURL session that posts the form to the other script. The XSS transaction occurs independently of the client's web browser, averting these browser-based security restrictions in the process.
这篇关于HTML 表单 POST 跨域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
