0

First, thanks for taking the time to read this. I've come across a unique situation and I'm hoping someone can help me out, or at least point me in a new direction as I've been fighting with this for a while now to no avail... Hoping I can explain this in a way that it makes sense.

I'm currently doing POST to my index.php file (from our system - not web based), and within that file, I'm using a 3rd party vendor .JS file to tokenize a specific value. At the end of page, I have a javascript function that is handling the tokenization process, and then after it's tokenized, i'm doing a javascript form submit to post the tokenized value to an API page to process the second part of the process.

I created static input fields to test the process, and everything is working as it should when I process from a web page via 'submit' button. However, when I try and test this using the POST process from our system (not web based), it doesn't follow the flow I expected with the javascript.

Additionally, I'm doing the javascript "onload" function because the goal is that as soon as the POST values have been posted to the page, and the tokenization process has completed, it will automatically submit the form.

Thanks in advance for any help - If you have questions, please let me know, as I'll be watching this thread closely.

Example Code:

<form method="POST" id="APIPOST" action="api.php">
    Mode:        <input name="mode" value="<?php echo $_POST['mode']; ?>">
    Key:         <input name="key" id="key" value="<?php echo $key; ?>">
    Client Name: <input name="client_name" value="<?php echo $_POST['client_name']; ?>">
</form>

<script>
window.onload=(function(){

        //Tokenization code is here
        document.getElementById("APIPOST").submit();
});
</script>
TecHalo
  • 51
  • 9
  • read about cross domain javascript post ajax. I suspect that is your issue. One way to solve that is by putting the right crossdomain.xml file in the root of the url you submit to via JS. – Itay Moav -Malimovka Dec 29 '18 at 01:02
  • What do you mean by "not web based"? How are you executing the PHP if it's not on a webserver, and what's executing the JavaScript if it's not a web browser? – Barmar Dec 29 '18 at 01:04
  • Sorry,not able to understand clearly. Are you want to submit using AJAX? Refer Submit using javascript https://stackoverflow.com/questions/9855656/how-to-submit-a-form-using-javascript – Dipti Dec 29 '18 at 04:58
  • It sounds like whatever non web process that is posting to the PHP script is not executing the JavaScript as exepected. More detail on what this is would be helpful here but if it is a not a web browser it is probably a bad idea to rely on JavaScript for tokenisation. Can you not do the tokenisation in PHP? That would avoid the need to do a double post. – jcbdrn Dec 29 '18 at 08:22

1 Answers1

0

I'm guessing that the Tokenization code is async, therefore running on a different thread. Let me try and demonstrate.

Here is your Javascript:

window.onload=(function(){

    //Tokenization code is here
    document.getElementById("APIPOST").submit();
});

This line, waits until the page has loaded, then starts the script

window.onload=(function(){

This is my guess, that the Tokenization code is performing some kind of AJAX call. Which takes a moment to run, but does NOT block the rest of the code from running.

You may have a same-origin policy issue as well, but let's assume you do not.

    //Tokenization code is here

Now, while your Tokenization code is running in the background, you are trying to submit your form. That is fine, but your Tokenization code has not completed its job yet and the token values have not returned.

document.getElementById("APIPOST").submit();

How to fix: Move the following line to after the token values are returned within the Tokenization code, not after the call:

document.getElementById("APIPOST").submit();

For example:

function getToken() {
    // make remote call to get token and
    // on valid result, call updateTokenVal()
}

function updateTokenValue(str) {
    // do stuff with str value
    // then submit the form
    document.getElementById("APIPOST").submit();
}

window.onload=(function(){
    //Tokenization code is here
    getToken();
});
Tigger
  • 8,980
  • 5
  • 36
  • 40