Iframe as an alternative to ajax and sending POST requests?

S

Steve2021-12-01 17:50:53

AJAX

Steve, 2021-12-01 17:50:53

Having wondered about the security of sending requests via ajax (including sending without reloading the page), I came across an alternative way to send POST requests, which looks like this:

<iframe name="votar" style="display:none;"></iframe>
<form action="tip.php" method="post" target="votar">
    <input type="submit" value="Skicka Tips">
    <input type="hidden" name="ad_id" value="2">            
</form>

From the point of view of practicality and safety, does this method justify itself?

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

T

ThunderCat, 2021-12-01
@ThunderCat

From the point of view of practicality and safety, does this method justify itself?

From the point of view of practicality, no, since this is a complete hat, we wrote this in 2005, when Ajax as a phenomenon did not yet exist, and already in 2012 a normal XMLHttpRequest of a healthy person appeared, to which everyone quickly crawled.
From a security point of view, no matter how you send a post request, the internal mechanism will be absolutely the same.

Asked about the security of sending requests via ajax

If security issues arise when sending data through a post, then you are transmitting something wrong ...

N

Nadim Zakirov, 2021-12-01
@zkrvndm

Sending data through a frame is rarely used, mainly to bypass CORS when you need to send a request to someone else's site with the result of the request displayed in a frame and at the same time keep the visitor on your site. Sometimes this method is also used to redirect to some site with the Referer hidden, though I don’t know if this method works now, but they definitely used it before.