在iframe中自动登录远程站点内部 [英] auto login remote site inner in iframe
问题描述
我有一个现有的远程站点,它具有身份验证访问权限,现在我想使用iframe在我自己的站点中组合此站点。有什么解决方案可以帮助加载iframe时自动登录远程站点?
< iframe src =http:/ /remote.com/list\"></iframe>
如果要访问 http ://remote.com/list ,登录要求并只发布用户名/密码的作品。如何在iframe加载时自动登录?
以下是一些限制
- 登录仅适用于post方法
- iframe / javascript有跨域问题
- 没有登录API提供
- no其他修改可以在远程站点完成
一切皆有可能。然而,由于披露了访问远程页面的详细信息,下面的解决方案非常不安全。
< form id =login target =framemethod =postaction =http://remote.com/login>
< input type =hiddenname =usernamevalue =login/>
< input type =hiddenname =passwordvalue =pass/>
< / form>
< iframe id =framename =frame>< / iframe>
< script type =text / javascript>
//将表单提交到iframe以登录到远程站点
document.getElementById('login')。submit();
//一旦您登录,更改源url(如果需要)
var iframe = document.getElementById('frame');
iframe.onload = function(){
if(iframe.src!=http://remote.com/list){
iframe.src =http:// remote .COM /列表;
}
}
< / script>
用户名和<$ c的值$ c> password 输入在客户端可读。
I have an existing remote site which has Authentication to access, now I want to combine this site in my own site using iframe. Is there any solution which can help to auto login remote site when load the iframe?
<iframe src="http://remote.com/list"></iframe>
If want to access http://remote.com/list, login require and only post username/password works. How to auto login when iframe loaded?
Here are some restriction
- login only works with post method
- iframe / javascript has cross domain issue
- no login API provide
- no other modification can do in remote site
Everything's possible. However the solution below is very insecure due to disclosure of access details to the remote page.
<form id="login" target="frame" method="post" action="http://remote.com/login">
<input type="hidden" name="username" value="login" />
<input type="hidden" name="password" value="pass" />
</form>
<iframe id="frame" name="frame"></iframe>
<script type="text/javascript">
// submit the form into iframe for login into remote site
document.getElementById('login').submit();
// once you're logged in, change the source url (if needed)
var iframe = document.getElementById('frame');
iframe.onload = function() {
if (iframe.src != "http://remote.com/list") {
iframe.src = "http://remote.com/list";
}
}
</script>
The values of username and password inputs are readable on the client side.
这篇关于在iframe中自动登录远程站点内部的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
