Hi,
heres the problem explanation:
Im on the domain https://www.example.com - theres an Order-Form with the Action https://www.example-otherdomain.com with an other SSL Certificate.
On some conditions i set the form action to https://www.example.com so that it will be posted on our domain, but if the user uses a CreditCart it should get posted to https://www.example-otherdomain.com.
So far so good.
But in some rare conditions, users with CreditCards still posts their form to https://www.example.com.
So my idea is: Is there some Same-Domain-Policy for Javascript/HTTPS to protect the user from phishing?
It seems that to set the FormAction to the same domain works, but not to reset it to the external one (with JS).
I cant reproduce this error, so im asking here if someone knows if theres such a problem.
It doesnt matter which UserAgent the user has (there are post datas from FF, Chrome, Webkit, IE7/8)
Thx!