Solved

How do I get one form to post data to another form on a different domain?

Posted on 2013-01-10
10
311 Views
Last Modified: 2013-01-11
I have a form on siteA.com that has an iframe to an upload form on siteB.com.

When the user submits the form on siteB.com I need it to grab the data from one of the fields and put it into a field on the siteA.com form.

This use to work under IIS by putting this javascript on siteA.com:

function hello(string){
   var name=string
   document.getElementById('VAR20').value=name;
}

however, we recently had to move to Tomcat and now this cross domain scripting no longer works.

We've enabled the cross domain scripting on the Tomcat server.

Any suggestions would be appreciated.
0
Comment
Question by:Donnie Walker
10 Comments
 
LVL 18

Expert Comment

by:nap0leon
ID: 38764476
How much control do you have over code on the two sites?

In the submit routine of the form in the iFrame... make it fire a tracking pixel before it submits the form... this tracking pixels hits SiteA with the parameter you need to use.

e.g.,
var oBody = document.getElementsByTagName('BODY').item(0);
var oImg= document.createElement("img");
oImg.src="http://www.aiteA.com/catchpage?param=value";
oBody.appendChild( oImg);

Open in new window


Now create "catchpage" so that it places the value into a cookie.

Now update your page that contains the iFrame so that it listens for an "onblur" of the iFrame (so it will catch that the iFrame was posted).  This onblur event triggers SiteA's page to retrieve the value from the cookie and do with it whatever you please.
0
 
LVL 12

Expert Comment

by:sivagnanam chandrakanth
ID: 38766270
you can also use jsonp if you want to pass information via JS

http://en.wikipedia.org/wiki/JSONP
0
 

Author Comment

by:Donnie Walker
ID: 38767117
jsonp looks promising.

Do you have a working code sample?

Something that shows how to set it up on the iframed siteB.com so that when the user submits the form it puts the field value somewhere and then something that shows how siteA.com gets the data?
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 38767146
If SiteA.com and SiteB.com are on two different actual domains, then I'm surprised that the IIS approach ever worked unless it worked many years ago. Most browsers stopped allowing cross-site scripting (XSS) several years ago.

sivagnanam_c's suggestion isn't bad, but JSONP relies on script injection, which may not always work later on (assuming browser security changes continue the way they are going). I've personally stayed away from JSONP for that reason - I don't want to revisit things down the road.

nap0leon's suggestion is better, IMO, but if you have control over both domains and both have the same top/root domain, you can set the document.domain property in Javascript to the same value on both sides and it will allow the type of scripting you were using before.

So page in SiteA:
<script type="text/javascript">document.domain = "SiteA.com</script>

Page in SiteB:
<script type="text/javascript">document.domain = "SiteA.com</script>

Now they should be able to communicate page-to-page using Javascript and iFrames. You would need to specify the path to the iframe to access the right document and its elements, too.

This might work for completely different domains, but I'm not sure (I doubt it).

The most long-term and reliable solution is to simply pass in parameters via the query string by setting the iframe's src when you want to add a parameter:

1. You want to set field1 on www.siteB.com/form.php (contained in an iframe)

2. Site A sets the iframe src to www.siteB.com/form.php?field1=value

3. The form.php on Site B reads the parameters, sets the value in the form (and saves it into a session so that further form fields can be set with subsequent calls), and then displays the updated form.

It's a tiny bit slower, but far more reliable than any other method and isn't at risk for any kind of deprecation in the near future because it uses good ol' standard calls.
0
 

Author Comment

by:Donnie Walker
ID: 38767220
Well, the situation is this.

siteA.com is not capable of running anything other than javascript...but I need the ability to upload files via a form and get the file name into a field on siteA.com.

so siteB.com runs a php upload via a form and this page is in an iframe on siteA.com.

Previously, by putting this in the header of siteA.com:

function upload(string){
   var name=string
   document.getElementById('VAR20').value=name;
}

 I was able to grab the field that put the upload file name from siteB.com into the form on siteA.com into text field "VAR20".

But this was with cross domain scripting allowed and when siteA.com was on an IIS server.

For some reason when we moved to Tomcat on siteA.com this stopped working even with a cross domain scripting policy XML on Tomcat.

I've added <script type="text/javascript">document.domain = "SiteA.com</script> to the header of both sites and it still does not post the file name to the other form.

I'm open to anything.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 34

Expert Comment

by:gr8gonzo
ID: 38767294
I see, so SiteA.com is the parent frame, and SiteB.com is the child / iframe. The values are coming from a PHP upload in SiteB.com and those values need to go into the static form in the parent frame (SiteA.com).

Also, I screwed up with the code I sent and missed an ending quote and semicolon. It should be:

<script type="text/javascript">document.domain = "SiteA.com";</script>

Are siteA and siteB part of the same root domain, like siteA = www.mydomain.com and siteB = uploads.mydomain.com ? Or are they completely separate domains like mydomain.com and yourdomain.com ?

How is the form on Site A processed if nothing but Javascript is allowed?
0
 

Author Comment

by:Donnie Walker
ID: 38767326
siteA.com runs some specialized code called "Datatel".  Not sure how it works but it is all form based.

siteA and siteB are part of the same root domain. Example: (siteA = datatel.college.edu and siteB = web.college.edu even though they are on different virtual servers).

when a user clicks the upload/submit button on the form on siteB this runs:

onclick="parent.upload(this.form.filename.value);

and then this code:

function upload(string){
   var name=string
   document.getElementById('VAR20').value=name;
}

picks up the value and puts it into a text file called VAR20.

Like I said, this worked fine before we switched to Tomcat on siteA.com.
0
 
LVL 34

Expert Comment

by:gr8gonzo
ID: 38767415
Different virtual servers are fine. If they're part of the same root domain, then you're in luck - the document.domain approach will definitely work.

After setting that document.domain to "college.edu" in both sites, have site B's code use this syntax to set fields in site A:

parent.document.getElementById("fieldname").value = "new value";
0
 
LVL 34

Accepted Solution

by:
gr8gonzo earned 500 total points
ID: 38767425
Actually, don't change the site B code yet - just set the document.domain on both pages and see if the old code runs as expected.
0
 

Author Closing Comment

by:Donnie Walker
ID: 38767749
That fixed it. I must of had it cached. Thanks!
0

Featured Post

Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

Join & Write a Comment

Suggested Solutions

In my daily work (mainly using ASP.net), I need to write a lot of JavaScript code. One of the most repetitive tasks I do are the jQuery Ajax calls. You know: (CODE) I don't know if for you it's the same, but for me is soooo tedious to write the …
The task A number given should be formatted for easy reading by separating digits into triads. Format must be made inline via JavaScript, i.e., frameworks / functions are not welcome. So let’s take a number like this “12345678.91¿ and format i…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)
The viewer will learn the basics of jQuery including how to code hide show and toggles. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now