1

I've read quite a few posts here asking roughly the same thing, but usually the person asking has access to the remote site and can use the methods available to achieve this. My situation is a bit different, and I just wanted to see if it was possible before spending time and effort trying to get it to work.

The site that I am trying to access is remote, I have no access to it in anyway, and it's only accessible from a computer logged into OpenVPN.

The tool that I am writing is trying to get the results of a form submit from the remote site. I don't want to parse the results or modify it in anyway. I just want to display the page with the Post Data sent. The remote site uses AJAX for the form submit.

It's code is as such:

<form name="MyForm" action="response_normal.php" method="post" onsubmit="xmlhttpPost('response_ajax_v2.php', 'MyForm', 'response', '<img src=\'pleasewait.gif\'>'); return false;">

Upon submitting on that page, three values are sent:

site : radio1
search : 000000000000
submit : Search Site

Is it possible at all for me to simply send that post data to the page and display it? I am hoping to do this in an iframe - since I can't do it server side due to VPN restrictions.

Skryn
  • 155
  • 3
  • 12
  • if the remote site puts the submitted data in an html page, you should be able to access it if the page is in public_html. so you can use iframe and embed it in an other page. – btevfik Mar 17 '13 at 07:46

1 Answers1

1

Since the computer you're accessing your offsite server from is on the VPN that has access to the remote system (and assuming this remote system is under your control), you could have the offsite server return some JavaScript that AJAX-pulls the data–in this case, a full HTML page–it needs from the remote system using a JSONP-like strategy.

I have used this technique for some small projects in the past.

From there, you are free to do with the data what you will–modify it, return it as is, or otherwise.

Personally, I would avoid the use of frames if possible. Of course, when strapped for time, nothing is off limits ;)

However, if the remote system IS NOT under your control (and they don't have a kickass CORS cross-access policy), your only option is, as you said in the body of your question, frames. Here is an example:

<!-- If the remote system is NOT under your control, it CANNOT respond with the X-Frame-Options header set to SAMEORIGIN or DENY! -->
<iframe id="inlineframe" src="http://www.randomwebsite.com" frameborder="0" scrolling="auto" width="800" height="300" marginwidth="5" marginheight="5" ></iframe>

//Depending on the JS you put here, you may get some "unsafe Javascript" warnings from certain browsers
~function()
{
    var frame = document.getElementById('inlineframe'),
        ref = frame.contentWindow ? frame.contentWindow.document : frame.contentDocument;

    // ref is now a reference to the document of the content within the iframe
    // You can now do your getElementById/getElementByTagName etc. and otherwise
    // manipulate the response as you please.
    console.log(ref);
}();

A working example can be found here: http://jsfiddle.net/FTudJ/

The contents of the iframe should be the submitted results of the remote page, or whatever the remote server responds with. If you're not looking to modify anything, then you don't even need the Javascript component.

The key will be the URL you specify as the source of the iframe. Now, if the remote system doesn't support GET requests for form submissions (in your example code I see a "POST" method), coupled with the fact that you have no control over it and your offsite system can't access it in any way, your only other options are:

  • Instead of supplying the form's submission URL directly, simply supply the form's typical access URL to the iframe. From there, use JavaScript to populate the form with the necessary values, and then submit the form within the iframe as if you were the user. From there, you can scrape the results back into JavaScript or simply display them as is.

  • Find a way to get your offsite server into the VPN network so that it may communicate with the remote system on your behalf. Of course, if that were easy, I guess you would have done that first!

  • Redirect your users to the remote site–possibly using a frameset + banner frame like Google used to do, let them do what they need to do there, and then tell them to come back when they're finished.

--

I see that you're using PHP. As long as the server that is executing the PHP has access to the VPN that has access to this remote system–all over traditional HTTP–a simple curl call from the server-side should suffice, as you can use AJAX to pass through the results to the client.

These links may be of some assistance:

Community
  • 1
  • 1
Xunnamius
  • 478
  • 1
  • 8
  • 16
  • 1
    The script is running from an offsite server that I pay for. It does not have VPN access, so any calls server side to the URL of the work tool usually time out, due to not loading as not being on the VPN to have access. If that makes sense. I could be overlooking something? – Skryn Mar 17 '13 at 07:41
  • Hmm. So the computer you're accessing your offsite server from (the computer with the browser) is on the VPN that has access to the remote system you're aiming for, yes? – Xunnamius Mar 17 '13 at 07:44
  • that's correct, which is why I thought maybe using an iframe/client side code I might be able to achieve this. – Skryn Mar 17 '13 at 07:45
  • Yes, an iframe solution would work for ya. Although "[frames are bad](http://stackoverflow.com/questions/1203068/why-should-i-not-use-html-frames)" so you should go for a pure AJAX pull implementation. You could even modify what is returned if you wish ;) – Xunnamius Mar 17 '13 at 07:46
  • isn't there an issue with security, some protocol or something (I forget what it's called) that doesn't allow you to have a return when attempting cross-domain scripting? Like, you can send the post data, and it posts, but the remote site does not return anything... something about same origins. I'm not too sure. – Skryn Mar 17 '13 at 07:57
  • Yeah, the "Access-Control-Allow-Origin" blah blah "feature". When I said AJAX, I meant AJAX the philosophy. In terms of implementation, you'll probably have to use a form of "XMLP" (similar to JSONP) to grab the data in a script tag and load it through. Or you can use the frames if your timeline is short and you need to bust out a prototype. – Xunnamius Mar 17 '13 at 08:00
  • This, of course, assumes you have control of your remote system (and I'm understanding the question correctly), even though your offsite server cannot access it in any way. If this remote system IS NOT under your control, then your only option would be frames. – Xunnamius Mar 17 '13 at 08:12
  • How would I accomplish this with using iFrames, I wonder? I want the content of the iFrame to be the submitted results of the remote page. – Skryn Mar 17 '13 at 08:13
  • That first option (of the three) would be your best bet. – Xunnamius Mar 17 '13 at 08:48
  • Hey man, I appreciate the time and effort. It's working beautifully so far! – Skryn Mar 18 '13 at 12:31