问题描述
我有一个非常简单的HTML表单,使用POST,它的操作调用我的Web服务器上的PHP脚本。
I have a very simple HTML form that uses POST and its action calls a PHP script on my web server.
这里是kicker ...包含表单的html不托管在同一服务器上,并存在于不同的域中。如果不解释这个问题和解释,这必须是出于商业原因。他们需要存在于这些特定的领域。
Here is the kicker... the html that contains the form isn't hosted on the same server and exists in a different domain. Without bogging down this question with explanation this has to be done for business reasons. They need to exist within these specific domains.
当我提交表单时,我正确地访问PHP脚本,但是我尝试拉出POST数据,它已经不见了。我认为这是一个安全问题,因为我暂时把表单放在同一台服务器作为PHP,它工作正常。
When I submit my form I access the PHP script correctly but then I try and pull out the POST data and it is gone. I'm thinking this is a security problem because I temporarily put the form on the same server as the PHP and it worked fine.
有没有办法让我使用这两个单独的域?提前感谢。
Is there a way that I can get this to work with the two separate domains? Thanks in advance.
编辑:
PHP代码(emailTemplate.php):
PHP Code (emailTemplate.php):
<?php
var_dump($_POST);
?>
HTML表单:
<form name="emailForm" id="emailForm" method="post" onsubmit="return beforeSubmit();" action="https://***.***.com/emailTemplate.php">
<textarea rows="15" cols="75" id="myHtmlText" name="myHtmlText"></textarea>
<input type="text" id="toAddr" name="toAddr" size="60"/>
<input type="text" id="fromAddr" name="fromAddr" size="60"/>
<input type="text" id="subjectLine" name="subjectLine" size="60"/>
<input type="submit" name="Submit" value="Email Letter">
</form>
推荐答案
如果你只是在IE遇到这个问题,他们的XSS过滤器可能会被指责。 提供了禁用它的详细信息。
If you're only experiencing the issue in IE, their XSS filter may be to blame. This article provides details for disabling it.
要完全避免此问题,请尝试发布表单到您的服务器上的PHP脚本,并在该脚本中创建一个cURL会话,将表单发布到其他脚本。 XSS事务独立于客户端的Web浏览器,避免了这些基于浏览器的安全限制。
To avoid this problem entirely, try posting your form to a PHP script on your server, and in that script, create a cURL session that posts the form to the other script. The XSS transaction occurs independently of the client's web browser, averting these browser-based security restrictions in the process.
这篇关于HTML表单POST跨域的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!