Set form action dynamically in https-area

Posted by Beerweasle on Stack Overflow
Published on 2010-04-09T14:02:38Z Indexed on 2010/04/09 14:13 UTC

Hi,

Here's the problem explanation:

I'm on the domain https://www.example.com - there's an Order-Form with the Action https://www.example-otherdomain.com with another SSL Certificate.

Under some conditions I set the form action to https://www.example.com so that it will be posted to our domain, but if the user uses a CreditCard it should get posted to https://www.example-otherdomain.com.

So far so good.

But in some rare conditions, users with CreditCards still post their form to https://www.example.com.

So my idea is: Is there some Same-Domain-Policy for JavaScript/HTTPS to protect the user from phishing? It seems that setting the FormAction to the same domain works, but not resetting it to the external one (with JS).

I can't reproduce this error, so I'm asking here if someone knows if there's such a problem. It doesn't matter which UserAgent the user has (there is post data from FF, Chrome, Webkit, IE7/8).

Thx!
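
Added example, not part of the original post: a submit-time guard that derives the form action from the selected payment method alone, overwrites whatever action earlier scripts left on the form, and logs each correction so the rare case can be counted. The form id `order-form`, the field name `payment` and the value `creditcard` are assumptions; the two URLs are the ones from the question.

```javascript
// Added example. Form id, field name and the "creditcard" value are assumptions.
const OWN_ACTION = "https://www.example.com";
const CARD_ACTION = "https://www.example-otherdomain.com";
const CARD_METHODS = new Set(["creditcard"]);

// Destination depends only on the payment method, never on earlier script state.
function expectedAction(paymentMethod) {
  const m = String(paymentMethod ?? "").trim().toLowerCase();
  return CARD_METHODS.has(m) ? CARD_ACTION : OWN_ACTION;
}

// Origin of the action currently on the form; relative or empty values
// resolve against our own domain, unparsable ones yield null.
function originOf(action) {
  try {
    return new URL(action || "", OWN_ACTION).origin;
  } catch (e) {
    return null;
  }
}

// Compare the action found at submit time with the one the payment method requires.
function checkAction(currentAction, paymentMethod) {
  const action = expectedAction(paymentMethod);
  const previousOrigin = originOf(currentAction);
  const corrected = previousOrigin !== new URL(action).origin;
  return { action, corrected, previousOrigin };
}

// Browser wiring (skipped outside a browser).
if (typeof document !== "undefined") {
  const form = document.getElementById("order-form");
  if (form) {
    form.addEventListener("submit", () => {
      const method = new FormData(form).get("payment");
      // getAttribute/setAttribute: a control named "action" cannot shadow these.
      const r = checkAction(form.getAttribute("action"), method);
      form.setAttribute("action", r.action);
      if (r.corrected) {
        console.warn("form action corrected", r.previousOrigin, method);
      }
    });
  }
}
```

The server behind https://www.example.com can apply the same rule in reverse and reject any POST whose payment method is a card, so card data that still arrives there is refused rather than processed.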
