本文介绍了HTML表单POST跨域的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我有一个非常简单的HTML表单,使用POST,它的操作调用我的Web服务器上的PHP脚本。

I have a very simple HTML form that uses POST and its action calls a PHP script on my web server.

这里是kicker ...包含表单的html不托管在同一服务器上,并存在于不同的域中。如果不解释这个问题和解释,这必须是出于商业原因。他们需要存在于这些特定的领域。

Here is the kicker... the html that contains the form isn't hosted on the same server and exists in a different domain. Without bogging down this question with explanation this has to be done for business reasons. They need to exist within these specific domains.

当我提交表单时,我正确地访问PHP脚本,但是我尝试拉出POST数据,它已经不见了。我认为这是一个安全问题,因为我暂时把表单放在同一台服务器作为PHP,它工作正常。

When I submit my form I access the PHP script correctly but then I try and pull out the POST data and it is gone. I'm thinking this is a security problem because I temporarily put the form on the same server as the PHP and it worked fine.

有没有办法让我使用这两个单独的域?提前感谢。

Is there a way that I can get this to work with the two separate domains? Thanks in advance.

编辑:

PHP代码(emailTemplate.php):

PHP Code (emailTemplate.php):

<?php
var_dump($_POST);
?>

HTML表单:

<form name="emailForm" id="emailForm" method="post" onsubmit="return beforeSubmit();" action="https://***.***.com/emailTemplate.php">
    <textarea rows="15" cols="75" id="myHtmlText" name="myHtmlText"></textarea>
    <input type="text" id="toAddr" name="toAddr" size="60"/>
    <input type="text" id="fromAddr" name="fromAddr" size="60"/>
    <input type="text" id="subjectLine" name="subjectLine" size="60"/>
    <input type="submit" name="Submit" value="Email Letter">
</form>


推荐答案

如果你只是在IE遇到这个问题,他们的XSS过滤器可能会被指责。 提供了禁用它的详细信息。

If you're only experiencing the issue in IE, their XSS filter may be to blame. This article provides details for disabling it.

要完全避免此问题,请尝试发布表单到您的服务器上的PHP脚本,并在该脚本中创建一个cURL会话,将表单发布到其他脚本。 XSS事务独立于客户端的Web浏览器,避免了这些基于浏览器的安全限制。

To avoid this problem entirely, try posting your form to a PHP script on your server, and in that script, create a cURL session that posts the form to the other script. The XSS transaction occurs independently of the client's web browser, averting these browser-based security restrictions in the process.

这篇关于HTML表单POST跨域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-26 05:36