  1. #1
    New Coder

    cross-domain POST

    I'm trying to do a cross-domain POST but it isn't working. What did I do wrong?

    http://www.firstserver.com/somefile.php :

    Code:
    <script type='text/javascript' src='//ajax.googleapis.com/ajax/libs/jquery/1.9.1/jquery.min.js'></script>
    <script type="text/javascript">
        function dc(id){$.post("http://www.secondserver.com/hits_downloads.php",{file_id:id})}
    </script>
    <?php
    $downloadlink = "somefile.zip";
    $base64link = base64_encode($downloadlink);
    echo "<a href=\"http://www.firstserver.com/$downloadlink\" id=\"$base64link\" onClick=\"dc(this.id)\">Download file</a>";
    ?>

    http://www.secondserver.com/hits_downloads.php :

    Code:
    switch ($_SERVER['HTTP_ORIGIN']) {
        case 'http://firstserver.com': case 'http://www.firstserver.com':
        header('Access-Control-Allow-Origin: '.$_SERVER['HTTP_ORIGIN']);
        header('Access-Control-Allow-Methods: POST, GET, OPTIONS');
        header('Access-Control-Max-Age: 1000');
        header('Access-Control-Allow-Headers: Content-Type');
        break;
    }
    
    include("db.php");
    
        $file_id = $_POST['file_id'];
    
        $query = "SELECT * FROM 1downloads_hits WHERE base64 = '$file_id'";
        $res = mysql_query($query) or die(mysql_error());
        $exist = mysql_num_rows($res);
        if ($exist == 0) {
            $base64decode = base64_decode($file_id);
            mysql_query("INSERT INTO 1downloads_hits (base64,hits,fichier)
            VALUES ('$file_id','1','$base64decode');");
        } else {
            mysql_query("UPDATE hits SET hits = hits + 1 WHERE base64 = '$file_id'");
        }

    The problem is that $_POST['file_id'] isn't sent to the PHP script on the other domain. So when the PHP file tries to update the hit counter, $file_id is empty. An empty entry is added to the database but the "base64" row is empty (where $file_id is supposed to be added).

  • #2
    Senior Coder rnd me
    just so you know, $query = "SELECT * FROM 1downloads_hits WHERE base64 = '$file_id'"; leaves your server wide-open for anyone to do anything they want to your DB...

    you can't use ajax to post to most places, unless they opt-in for such behavior using access-control (cors).

    you can however simply use an invisible form and submit() to the url you're trying to hit.
    my site (updated 13/9/26)
    BROWSER STATS [% share] (2014/9/03) IE7:0.1, IE8:4.6, IE11:9.1, IE9:3.1, IE10:3.0, FF:17.2, CH:46, SF:11.4, NON-MOUSE:38%

  • #3
    New Coder
    you can't use ajax to post to most places, unless they opt-in for such behavior using access-control (cors).
    How do I do this? I have full control over the dedicated server I am cross-server-submitting to

    just so you know, $query = "SELECT * FROM 1downloads_hits WHERE base64 = '$file_id'"; leaves your server wide-open for anyone to do anything they want to your DB...
    Oops... I added mysql_real_escape_string()

  • #4
    Senior Coder rnd me
    Quote Originally Posted by anarchoi
    How do i do this ? I have full control over the dedicated server i am cross-server-submitting to

    just read up on cors, it's a lot of common knowledge for me to rehash, but you likely just need the ACAOrigin, ACAMethods headers, and a normal form mimetype from your ajaxsubmit.

  • #5
    Supreme Master coder! Old Pedant
    If you use a hidden <iframe>, then you can just use a <form target="nameOfHiddenIframe" method="post"> and submit that form to your URL and nothing visible will happen on your page.
    An optimist sees the glass as half full.
    A pessimist sees the glass as half empty.
    A realist drinks it no matter how much there is.

  • #6
    Senior Coder rnd me
    Quote Originally Posted by Old Pedant
    If you use a hidden <iframe>, then you can just use a <form target="nameOfHiddenIframe" method="post"> and submit that form to your URL and nothing visible will happen on your page.
    sounds a lot like my idea in post #2...

  • #7
    New Coder
    Quote Originally Posted by rnd me
    just readup on cors, it's a lot of common knowledge for me to rehash, but you likely just need the ACAOrigin, ACAMethods headers, and a normal form mimetype from your ajaxsubmit.
    Well I already have the headers in the code I posted unless I'm missing something... what else do I need?
    Last edited by anarchoi; 06-28-2013 at 02:03 AM.

  • #8
    Supreme Master coder! Old Pedant
    Quote Originally Posted by rnd me
    sounds a lot like my idea in post #2...
    Yes, just explaining that if you don't submit to a hidden <iframe> or equivalent, then the submit will wipe out the current page content.

    So hidden <form> *and* hidden <iframe> as its target.

  • #9
    New Coder
    Submitting a form to a hidden iframe isn't a good idea; I remember trying it with another project and I ran into a big bug with Safari and some version of MacOS. This browser will not submit a form to an iframe unless you manually visit the target website first. I remember many people had reported this bug and I had to download MacOS and test it under a virtual machine to confirm it. I searched everywhere but never found a solution except asking users to change their default security settings.

    So I just realised I will run into the same problem again if I do that. I really need to get AJAX cross-domain submit to work.
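
A hardened take on hits_downloads.php covering the two points raised in posts #2 and #4 (SQL built directly from $_POST, and the CORS opt-in headers), as an added example that is not code from any poster in this thread. It assumes PHP 7+ with PDO, a UNIQUE index on the base64 column, and placeholder database credentials (EXAMPLE_*).

```php
<?php
// hits_downloads.php -- added example, not the original poster's code.
// Assumptions: PDO MySQL; DSN and credentials are placeholders; table
// `1downloads_hits` has a UNIQUE index on `base64`.

const ALLOWED_ORIGINS = ['http://firstserver.com', 'http://www.firstserver.com'];

$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
if (!in_array($origin, ALLOWED_ORIGINS, true)) {
    http_response_code(403);          // unknown or missing Origin: no CORS headers, no DB write
    exit;
}
header('Access-Control-Allow-Origin: ' . $origin);   // echo only an allow-listed value
header('Vary: Origin');                              // keep caches from mixing origins

if ($_SERVER['REQUEST_METHOD'] === 'OPTIONS') {      // preflight: answer and stop
    header('Access-Control-Allow-Methods: POST');
    header('Access-Control-Allow-Headers: Content-Type');
    header('Access-Control-Max-Age: 1000');
    http_response_code(204);
    exit;
}
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit;
}

// Validate before touching the database: strict base64 of a plain file name.
// This also rejects the empty file_id that produced blank rows.
$fileId = $_POST['file_id'] ?? '';
$name   = is_string($fileId) ? base64_decode($fileId, true) : false;
if ($name === false || $name === '' || $name !== basename($name)
    || base64_encode($name) !== $fileId) {
    http_response_code(400);
    exit;
}

$pdo = new PDO('mysql:host=localhost;dbname=EXAMPLE_DB;charset=utf8mb4',
               'EXAMPLE_USER', 'EXAMPLE_PASSWORD',
               [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
                PDO::ATTR_EMULATE_PREPARES => false]);

// Bound parameters keep file_id out of the SQL text; the upsert replaces
// the SELECT followed by INSERT or UPDATE.
$stmt = $pdo->prepare(
    'INSERT INTO `1downloads_hits` (base64, hits, fichier) VALUES (:id, 1, :name)
     ON DUPLICATE KEY UPDATE hits = hits + 1');
$stmt->execute([':id' => $fileId, ':name' => $name]);
http_response_code(204);
```

The Origin allow-list only governs what browsers will do; a non-browser client can send any Origin header it likes, so the counter should still be treated as untrusted data.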

