Cross Origin Post Request

Question

I'm trying to send a post request to a different site, specifically Zoho.eu, to enable me to login with one click. Effectively I want to POST to the login URL, my username, password etc etc.

I have ran into the Cross origin problem and I have looked at many different solutions such as JSONP, the iFrame method, CORS etc but all of these require me to have access to the third party backend which I don't have.

How do I get around this problem? I understand I can use a proxy somehow to enable me to avoid the cross origin problem but I'm not sure?

Thanks in advance.

Answer 1

If I understand you correctly then the short answer is you can't.

A proxy won't help you to create a session in the user's browser and login. When using a proxy you are doing the requests in behalf of the user from your server, and can't set the required session values to the user's cookies for the target domain.

This is intentional. The whole concept of Same-origin policy/CORS was invented so that others will not be able to do something in behalf of a users in a domain they don't own.

I would consider OAuth, it might be the right way for you to implement this kind of cross-domain login flow.

Answer 2

One easy solution (which is only a temporary fix, you will have to find a more permanent solution for production code) is to hard code the name of the server from where the request is coming in your server controller code and allow access from it.

Answer 3

CORS protection is intented.

Zoho provides cleaner way to authentication to their site with OAuth integration. That is cleaner way to integrate.

Documented clearly here on the steps,

https://www.zoho.com/crm/help/api/using-authentication-token.html

Any other mode of authentication is not allowed and may be blocked by Zoho.

Hope it helps.