Reputation: 13437
Cross site scripting (no iframes or anything)
I'm trying to understand this better, and it's confusing me a bit. All the things I'm finding are related to iframes which I'm not using.
I have a form on a domain I own, and when you click submit, it sends a request to a 3rd party service (infusionsoft) and submits some information.
I want to send an ajax post request with the information they have entered to this 3rd party as opposed to having them have to hit submit.
The form is just a standard POST form, with some hidden inputs related to the campaign. The form is just generated by the 3rd party service to paste on your site.
When I submit it via ajax I get a cross site scripting error in console.
Questions:
How does their server 'know' that it is an ajax request? Doesnt (from their servers eyes) the post request looks identical to as if the user had clicked 'submit' regularly (no ajax)?
How do I go about successfully doing this with no error?
Someone is saying I should use php and ajax post to the php file which does __. How is that any different? Can you think of what they might have in mind to solve it? They were quite vague.
Thanks
Upvotes: 1
Views: 142
Answers (1)
Reputation: 207517
Read about the same origin policy
- It is not the server it is the browser preventing it.
- Disable your browser's security
- Called a proxy
Upvotes: 1
Related Questions
- AJAX cross site scripting between own domains
- Cross site scripting (XSS) possible?
- Cross site scripting forms
- Ajax POST to another server - overcoming the cross domain restrictions
- Cross-site AJAX requests
- Cross-site XMLHttpRequest
- Cross domain requests
- Web Application Cross Site Scripting
- cross site scripting in JavaScript
- Cross site scripting?