0

I Have one register form that I need to be submitted to subdomain, subdomain register form its using security token key. What I need is to take the security token from subdomain and use it on main domain using javascript.

Example of subdomanin token key:

<input name="security_token" value="7ba88acf1fade1e1c26d7f7a885564f2" type="hidden">

I need to get the above key and use it on main domanin registration form :

 <input type="hidden" name="security_token" value="security key" />

I tried this on main domain but failed :

<input name="security_token" value="searchTxt" type="text" id="searchTxt">
<script>
  var input = document.getElementsByName("security_token")[0].value;

  function searchURL() {
      window.location = "http://www.subodmain.myurl.com/register" +    input.value;
  }
</script>

Anyone can edit my script in and make it work ? Thank you.

Robin Carlo Catacutan
  • 13,249
  • 11
  • 52
  • 85
Blazer
  • 306
  • 4
  • 16
  • Is that subdomain loaded in an iframe or something? – Oriol May 01 '15 at 20:45
  • No. But I can loaded in hidden iframe if is mandatory to achieve what I need.. – Blazer May 01 '15 at 20:46
  • You have `.value` twice there. Drop the `.value` after the `document.getElementsByName` bit, or change the name of your variable to `value` and drop the second value. – azium May 01 '15 at 20:46
  • I did what you said but still not working. – Blazer May 01 '15 at 20:50
  • @Blazer Then you need to load it in some way. Maybe with an iframe, or with an XMLHttpRequest. Be aware of [same-origin policy](https://en.wikipedia.org/wiki/Same-origin_policy). See [AJAX, Subdomains, and SSL](http://stackoverflow.com/q/231478/1529630) – Oriol May 01 '15 at 20:51
  • Ok, I will load it on iframe on main page but how the script should look after ? – Blazer May 01 '15 at 21:04

3 Answers3

0
<input name="security_token" value="searchTxt" type="text" id="searchTxt">

<script>
  function searchURL(el) {
    var input = document.getElementById(el);
      window.location.href = "http://www.subodmain.myurl.com/register" + input.value;
  }
  //use
  //searchURL("searchTxt");
</script>
alessandrio
  • 4,282
  • 2
  • 29
  • 40
0

Perhaps I've misunderstood the question but I don't think this is possible. The security token is in your form expressly so that the server can be assured that the form was in fact generated by that very same server, and not by a third party (this is a security precaution).

Therefore, the main domain would likely reject any security token that wasn't also generated by the main domain. In theory, the main domain would reject your form submission even if you somehow figured out a way to submit the form to the main domain.

purpleguy
  • 1
  • 2
0

If you can use Jquery, you can do something like this :

    var input;

    $.get("http://your_subdomain.com", function(response) {
        var elements;
        elements = $.parseHTML(response);
        input = $(elements).find('#searchTxt');
    });



    function searchURL() {
      window.location = "http://www.subodmain.myurl.com/register" +    input.val();
    }
Robin Carlo Catacutan
  • 13,249
  • 11
  • 52
  • 85