POST data transformed to GET parameters #178

Open
hbilges opened this Issue May 4, 2012 · 2 comments

Comments

Projects
None yet
3 participants

hbilges commented May 4, 2012

I tried to send a cross domain POST request using the cors/index.html file. This was not successful because the POST data was transformed to GET parameters. It seems to me that index.html needs this change:

92,107c92,100
< var data = "";
< if (!isPOST) {
< // convert the data into a format we can send to the server
< var pairs = [];
< for (var key in config.data) {
< if (config.data.hasOwnProperty(key)) {
< pairs.push(encodeURIComponent(key) + "=" + encodeURIComponent(config.data[key]));
< }
< }
< data = pairs.join("&");
< console.log("data joined: " + data);
< } else {
< data = getJSON().stringify(config.data);
< console.log("data stringified: " + data);
< }
<

this is actually what i need, do you perhaps have a updated version of this file that you can share?

I'm considering a similar change to my easyXDM cors/index.html file and I would like to know if it would open up a CSRF risk? See this post for more info: http://security.stackexchange.com/questions/10227/csrf-with-json-post.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment