Skip to content

Instantly share code, notes, and snippets.

@dergachev
Last active October 3, 2022 17:13
Show Gist options
  • Save dergachev/4540158 to your computer and use it in GitHub Desktop.
Save dergachev/4540158 to your computer and use it in GitHub Desktop.
Cross-domain POST requests
<html>
<body>
<p> Submit POST request to httpbin.org. Demonstrates that POST requests are cross-domain. </p>
<form action="http://httpbin.org/post" method="post">
<label> Name: <input type="text" name="name" value="Evil Doer" /> </label>
<input type="submit" name="Submit" />
</form>
</body>
</html>
@dergachev
Copy link
Author

Note that this doesn't necessarily address cross domain POST requests via ajax: http://stackoverflow.com/questions/6708297/jquery-and-google-url-shortener-api

So we still need to actually check whether you can use JS to create an iframe, populate it with a form element, and then trigger that form.

Copy link

ghost commented Mar 8, 2019

I'm in truoble with a "block iframe" problem, I'm in trapped for two weeks, I will be crazy~~pls help me, help me
Background:
a page in domainA.com contains a iframe. After iframe loaded, imframe page execute it's js code, just a form.submit to cross-origin domainB.com, but throw error: Uncaught DOMException: Blocked a frame with origin "https://lowtouch-hahb.qa.webex.com" from accessing a cross-origin frame.

Copy link

ghost commented Mar 8, 2019

Supplement: just in Chrome 72.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment