CSRF Attack With FORM GET And IFRAME
I'm try to see if a website is vulnerable to CSRF with following code The iframe tag is added here to avoid the page redirect when the form is submitted from the java script. When
Solution 1:
If all you want to do is obtain the HTML of an external page and add that to an <iframe>
, then you need to use a server-side language (NodeJS, PHP, Python), because of this reason (thanks @Hannes):
All common Browsers do not allows Javasript Calls to access any Pages with another (sub)Domain because of the Same Origin Policy. The only way to work around that is to set up some kind of "proxy" on your own server (for example an php Script) that runs under the same Domain, gets the Information you want from a third source and prints them out.
Taken from here.
Post a Comment for "CSRF Attack With FORM GET And IFRAME"