开发者

Client HTTP Post to external sites

开发者 https://www.devze.com 2023-01-09 21:58 出处:网络
Is there any web language that allows the client itself to create HTTP posts to external sites. I know that JavaScript does this with XMLHttpRequest, but it does not allow cross-domain posting, unles

Is there any web language that allows the client itself to create HTTP posts to external sites.

I know that JavaScript does this with XMLHttpRequest, but it does not allow cross-domain posting, unless the recipient domain wants to allow the sending domain.

I want to post data to an external site (that I don't control) and have the request be authenticated with what the client's browser already has (cookies, etc).

Is this possible? I tried cURL but it seems to make a server HTTP post, not a client HTTP post.


Edit:

A bit more insight of what I am trying to do:

I am trying to POST JSON to the website using the user's session (I said cookies but I believe they are PHP sessions, which I guess I still consider cookies).

The website does NOT check the referral (poor security #1) I can execute javascript and html on the webpage using my personal homepage (poor security #2) The JSON code will still work even if the content-type is form (poor security #3) There is no security checking at all, just PHP session checking.

The form idea is wonderful and it works. The probably again is that its JSON. So having sent postdata as foo={"test":"123", "test2":"456"} the whole foo= part messes it up. Plus forms seem to turn JSON into form encoding, so its sending:

foo=%7开发者_如何学编程B%22 test%22%3A+%22 123%22%2C+%22 test2%22%3A+%22 456%22%7D

when i need it to send;

{"test":"123", "test2":"456"}

So with everything known, is there a better chance of sending JSON or not?


I don't think so: You won't get hold of the user's auth cookies on the third party site from server side (because of the Single Origin Policy) and you can't make Ajax requests to the third party site.

The best you can do is probably create a <form> (maybe in an <iframe>), point it to the third party site, populate it with data, and have the user submit it (or auto-submit it). You will not be able to get hold of the request results programmatically (again because of the Single Origin Policy), but maybe it'll do - you can still show the request results to the user.


I think for obvious reasons this is not allowed. If this was allowed what would stop a malicious person from posting form data from a person's browser to any number of sites in some hidden iframe or popup window.

If this is a design of your application you need to rethink what you are trying to accomplish.

EDIT: As @Pekka was pointing out I know you can submit a form to a remote site using typical form submits. I was referring to using some client side ajax solution. Sorry for the confusion.


You should follow the way OpenID and other single-sign-on system works. How openID works is your website POSTs some token to openID service and in return gets authentication result. Refer How Does it Work? section here


Yes, you can use a special flash library that supports cross-domain calls: YUI connection manager

Added: not sure about the cookie authentication issue though...


The client cannot post to an external site directly; it's a breach of basic cross-domain security models. The exception is accessing javascript with JSONP. What you describe would require access to a user's cookies for another website, which is impossible as the browser only allows cookie access within the same domain/path.

You would need to use a server-side proxy to make cross-domain requests, but you still cannot access external cookies: http://jquery-howto.blogspot.com/2009/04/cross-domain-ajax-querying-with-jquery.html

0

精彩评论

暂无评论...
验证码 换一张
取 消