Cross Domain Communication

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Niranjan
Forum Newbie
Posts: 1
Joined: Fri Sep 25, 2009 1:32 am

Cross Domain Communication

Post by Niranjan »

Hi all,
I want to accomplish a functionality that will insert data in my database when a user enters some data in a form loaded from another domain in an iframe of my web page. Is it possible to do this? Any help would be great.
Thanks & Regards
Niranjan
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Cross Domain Communication

Post by kaisellgren »

No, it is not possible.

What are you trying to achieve?
rburgens
Forum Newbie
Posts: 8
Joined: Thu Sep 24, 2009 12:57 pm

Re: Cross Domain Communication

Post by rburgens »

Actually, it IS possible, by a couple different methods:

(1) If the remote domain adds YOUR url into its action statement on the form (e.g. "<form name='somename' ... action='http://www.example.com/mypage.php'>")

(2) use JavaScript to look inside the iFrame, copy all of the names and values of each field in the form into an array, then use AJAX to pass that information off to your url

(3) just like #2, only use JavaScript to re-create the form in the iFrame onto your page, then submit that form to your own url


But I am curious as well: what are you trying to achieve? It seems a little... mischievous....
arjan.top
Forum Contributor
Posts: 305
Joined: Sun Oct 14, 2007 4:36 am
Location: Hoče, Slovenia

Re: Cross Domain Communication

Post by arjan.top »

You cannot modify an iframe if it is not on the same domain and port, because of the same-origin policy.
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Cross Domain Communication

Post by kaisellgren »

rburgens wrote: Actually, it IS possible
Nope.

1) He said it's a form from other domain.
2) As arjan.top said, SOP.
3) ^^
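
Added example, not part of any post in this thread: a JavaScript sketch of the same-origin comparison that arjan.top and kaisellgren refer to, showing why methods (2) and (3) are refused when the form is framed from another domain. The function names and every URL are constructed for illustration; the sketch models only http/https origins and ignores `document.domain`.

```javascript
// Added example: the origin comparison a browser applies before letting a
// page script touch a framed document. All URLs used are constructed samples.
const DEFAULT_PORTS = new Map([["http:", "80"], ["https:", "443"]]);

// Return the (scheme, host, port) tuple for an http/https URL.
// Anything else (data:, unparsable input, ...) is treated as an opaque
// origin in this sketch and yields null, so it never matches.
function originTuple(url) {
  let u;
  try {
    u = new URL(url);
  } catch {
    return null;
  }
  if (!DEFAULT_PORTS.has(u.protocol)) return null;
  // URL.port is "" when the URL uses the scheme's default port.
  const port = u.port || DEFAULT_PORTS.get(u.protocol);
  return [u.protocol, u.hostname, port];
}

// Two URLs are same-origin only if scheme, host AND port all match.
function sameOrigin(a, b) {
  const ta = originTuple(a);
  const tb = originTuple(b);
  if (!ta || !tb) return false;
  return ta.every((part, i) => part === tb[i]);
}

// Model of what methods (2) and (3) need: the embedding page reading the
// field names and values out of the framed form.
function readFrameFields(pageUrl, frameUrl, frameFields) {
  if (!sameOrigin(pageUrl, frameUrl)) {
    return { allowed: false, reason: "cross-origin frame: DOM access blocked", fields: null };
  }
  return { allowed: true, reason: "same origin", fields: { ...frameFields } };
}

// Constructed scenario: a page on www.example.com framing a form from elsewhere.
const page = "http://www.example.com/mypage.php";
console.log(readFrameFields(page, "http://forms.example.org/signup", { email: "a@b.c" }));
console.log(readFrameFields(page, "http://www.example.com:80/form.html", { email: "a@b.c" }));
```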