0

I'm having problems with an Ajax Request between SubDomains.

The PHP Script that handles the request is located at account.domain.com/login

And I have many other SubDomains; the Ajax request can be called in every SubDomain.

Here is the JavaScript I currently have:

            $.ajax({
                type: "POST",
                url: "http://account.domain.com/login",
                data: "username=" + username + "&password=" + password + auto,
                crossDomain: true,
            }).done(function(data){
                alert(data);
                //window.location.replace(data);
            });

The problem is that if I call this when I'm on another subdomain that is not account.domain.com, the script fails (the alert is not shown).

I have checked with Tamper Data to see if the request has been made, and it is, with Response Header State 200.

PHP:

    //Process Login
    if(count($_POST)){
        $username = isset($_POST['username']) ? $_POST['username'] : false;
        $password = isset($_POST['password']) ? $_POST['password'] : false;
        $auto = isset($_POST['auto']) ? true : false;

        $main->login($username,$password,$auto);
        if($main->has_error()){
            $_SESSION['NoteMsgs'] = $main->error();
            $return = $main->link['login'];
        }else{
            //PHPBB Login
            // Start session management
            $user->session_begin();
            $auth->acl($user->data);
            $user->setup();

            if($user->data['is_registered']){
                //User is already logged in
            }else{
                $result = $auth->login($username, $password, $auto);
                if ($result['status'] == LOGIN_SUCCESS){
                    //User was successfully logged into phpBB
                }else{
                    //User's login failed
                }
            }
            if(isset($_POST['returnUrl'])){
                $return = filter_var($_POST['returnUrl'], FILTER_VALIDATE_URL, FILTER_FLAG_PATH_REQUIRED);
                if($return == $main->opt['http_root'] or $return == $main->opt['http_root'].'/' or $return == $main->link['login'] or $return == $main->link['login'] .'/'){
                    $return = $main->link['return'];
                }
            }else{
                $return = $main->link['return'];
            }
        }
        echo $return;
        exit;
    }

What could be the problem? Thank you.

Fr0z3n
  • possible duplicate of [Ways to circumvent the same-origin policy](http://stackoverflow.com/questions/3076414/ways-to-circumvent-the-same-origin-policy) – Quentin Sep 17 '13 at 09:34

1 Answer

-1

There are many options, like doing a $.post JSONP-type request or using an iframe, but I think the easiest way is to change the workflow:

Your local JS will do an Ajax POST to a local URL which will accept the POST method with your JSON data. At this point your server code will do an HTTP POST with the proper data to the remote server, get the response, and send it back to the calling JS.

Antoan Milkov
  • You can't do POST requests with JSON-P. You can't read the response of a cross-origin iframe request. Running a proxy across your own server is an overcomplicated approach. The sane solutions here are CORS or just exposing the endpoint for the web server directly on the same origin. – Quentin Sep 17 '13 at 10:01
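
The last comment names CORS as one of the sane solutions. As an added example (not code from the question, the answer or the comments), this shows the origin check that the `account.domain.com/login` endpoint would have to make before sending CORS headers, written in JavaScript so it can be run directly; the same decision ports to `header()` calls in the PHP script. The function names and sample origins are assumptions, and the jQuery call would also need `xhrFields: { withCredentials: true }` for the login's session cookie to be stored.

```javascript
// Added example: decide which CORS response headers a login endpoint should
// send for a given Origin request header. All names here are hypothetical.
const BASE_DOMAIN = "domain.com"; // placeholder domain used in the question

// Return true only for http(s) origins that are domain.com or a subdomain of it.
function isAllowedOrigin(origin) {
  if (typeof origin !== "string" || origin === "null") return false;
  let url;
  try {
    url = new URL(origin);
  } catch (e) {
    return false; // not a parseable origin
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") return false;
  // An Origin header carries scheme://host[:port] only; reject anything more
  // (paths, userinfo such as "http://account.domain.com@evil.net").
  if (url.origin !== origin) return false;
  const host = url.hostname;
  // Compare on a label boundary so "evildomain.com" and
  // "domain.com.evil.net" do not pass as subdomains.
  return host === BASE_DOMAIN || host.endsWith("." + BASE_DOMAIN);
}

// Build the headers for a response. An empty object means "send no CORS
// headers", so the browser keeps the calling script from reading the response.
function corsHeadersFor(origin) {
  if (!isAllowedOrigin(origin)) return {};
  return {
    // Echo the exact origin: browsers reject "*" on credentialed requests.
    "Access-Control-Allow-Origin": origin,
    // Required for the session cookie set by the login to be accepted.
    "Access-Control-Allow-Credentials": "true",
    // The response differs per origin, so caches must key on it.
    "Vary": "Origin",
  };
}

// Constructed sample Origin values.
const samples = [
  "http://forum.domain.com",
  "http://evildomain.com",
  "http://domain.com.evil.net",
  "http://account.domain.com@evil.net",
  "null",
];
for (const o of samples) {
  console.log(o, "->", JSON.stringify(corsHeadersFor(o)));
}
```

The POST in the question is a form-encoded "simple" request, so the browser sends it without a preflight and only withholds the response from the script, which matches the 200 seen in Tamper Data.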