0

I have been seeing lot of questions and answers here, but something really not answered my questions

  1. How do I make a cross domain request to a http://otherdomain.com?login.php?username="test"&pass="pass"

I would like to state that, this domain is not controlled by us and it will return normal HTTP response if you actually make a HTTP POST request to the above URL.

So based on the HTTP Response [HTML], I would like to evaluate successful or failure login.

Since it's an internal application, if it's not possible in normal scenario, we can configure internal system browsers to achieve the same [last option].

Can anyone post a link to tutorial/working example?

Note: I don't have control over otherdomain application. It doesn't return a JSON formatted data. The request must be originated from Clients browser, not allowed any proxy due to application dependance on IP address.

RaceBase
  • 18,428
  • 47
  • 141
  • 202
  • You can run chrome with a certain flag that disables security restrictions. Only do it if you're not going to use the browsers for anything else. Chrome/FF extensions are another method. – Brigand Aug 18 '13 at 11:45
  • You can let your proxy forward the client IP. – mplungjan Aug 18 '13 at 12:03
  • @mplungjan, when the request goes to otherdomain, the request should look like generated from the user IP. is it possible? If so, please post the solution – RaceBase Aug 18 '13 at 12:35
  • Depends on your server - http://serverfault.com/questions/331079/haproxy-and-forwarding-client-ip-address-to-servers – mplungjan Aug 18 '13 at 14:03

1 Answers1

1

See Ways to circumvent the same-origin policy. None of them will meet your requirements.

Preventing Mallory's site from using Alice's site with Bob's credentials (such as his IP address) is the point of the Same Origin Policy. There is no way around this for a web application.

Since it's an internal application

If it is an internal application, then you could look at using a browser extension to access the data. They have less restrictive security policies as they have to be explicitly installed.

Community
  • 1
  • 1
Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335