HTML 表单 POST 跨域
我有一个非常简单的 HTML 表单,它使用 POST,其操作调用我的 Web 服务器上的 PHP 脚本。
关键在于...包含表单的 html 不是托管在同一服务器上,而是存在于不同的域中。在不通过解释来解决这个问题的情况下,这必须是出于商业原因。它们需要存在于这些特定领域内。
当我提交表单时,我正确访问了 PHP 脚本,但随后我尝试提取 POST 数据,但它消失了。我认为这是一个安全问题,因为我暂时将表单与 PHP 放在同一台服务器上,并且工作正常。
有没有办法让它在两个单独的域中工作?提前致谢。
编辑:
PHP 代码(emailTemplate.php):
<?php
var_dump($_POST);
?>
HTML 表单:
<form name="emailForm" id="emailForm" method="post" onsubmit="return beforeSubmit();" action="https://***.***.com/emailTemplate.php">
<textarea rows="15" cols="75" id="myHtmlText" name="myHtmlText"></textarea>
<input type="text" id="toAddr" name="toAddr" size="60"/>
<input type="text" id="fromAddr" name="fromAddr" size="60"/>
<input type="text" id="subjectLine" name="subjectLine" size="60"/>
<input type="submit" name="Submit" value="Email Letter">
</form>
I have a very simple HTML form that uses POST and its action calls a PHP script on my web server.
Here is the kicker... the html that contains the form isn't hosted on the same server and exists in a different domain. Without bogging down this question with explanation this has to be done for business reasons. They need to exist within these specific domains.
When I submit my form I access the PHP script correctly but then I try and pull out the POST data and it is gone. I'm thinking this is a security problem because I temporarily put the form on the same server as the PHP and it worked fine.
Is there a way that I can get this to work with the two separate domains? Thanks in advance.
Edit:
PHP Code (emailTemplate.php):
<?php
var_dump($_POST);
?>
HTML Form:
<form name="emailForm" id="emailForm" method="post" onsubmit="return beforeSubmit();" action="https://***.***.com/emailTemplate.php">
<textarea rows="15" cols="75" id="myHtmlText" name="myHtmlText"></textarea>
<input type="text" id="toAddr" name="toAddr" size="60"/>
<input type="text" id="fromAddr" name="fromAddr" size="60"/>
<input type="text" id="subjectLine" name="subjectLine" size="60"/>
<input type="submit" name="Submit" value="Email Letter">
</form>
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
如果您仅在 IE 中遇到该问题,则可能是其 XSS 过滤器造成的。 本文提供了禁用它的详细信息。
要完全避免此问题,请尝试将表单发布到服务器上的 PHP 脚本,并在该脚本中创建一个 cURL 会话,将表单发布到其他脚本。 XSS 事务独立于客户端的 Web 浏览器发生,从而避免了该过程中这些基于浏览器的安全限制。
If you're only experiencing the issue in IE, their XSS filter may be to blame. This article provides details for disabling it.
To avoid this problem entirely, try posting your form to a PHP script on your server, and in that script, create a cURL session that posts the form to the other script. The XSS transaction occurs independently of the client's web browser, averting these browser-based security restrictions in the process.