Skip to content

progressivetech/net.ourpowerbase.remoteform

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

147 Commits

CRM

CRM

 
 

api/v3

api/v3

 
 

docs

docs

 
 

images

images

 
 

settings

settings

 
 

templates

templates

 
 

tests/phpunit

tests/phpunit

 
 

xml/Menu

xml/Menu

 
 

LICENSE.txt

LICENSE.txt

 
 

README.md

README.md

 
 

gendoc

gendoc

 
 

info.xml

info.xml

 
 

phpunit.xml.dist

phpunit.xml.dist

 
 

remoteform.civix.php

remoteform.civix.php

 
 

remoteform.css

remoteform.css

 
 

remoteform.js

remoteform.js

 
 

remoteform.php

remoteform.php

 
 

remoteform.stripe.js

remoteform.stripe.js

 
 

remoteform.stripe.php

remoteform.stripe.php

 
 

spin.css

spin.css

 
 

Repository files navigation

Remoteform

Remoteform allows you to add a CiviCRM form to a remote web site via a few lines of javascript code.

Currently, only profiles and contribution pages are supported (events and petitions are in the works).

Note for Stripe users

If you are using stripe, this version works with payment intents, but requires the patch described in this issue to be applied.

How does it work?

Full documentation is available. See below for an overview.

First, click Adminstration -> Customize data and screens -> Remote Forms.

Enter your web site's address. Only the addresses listed here will be able to submit forms to your CiviCRM instance.

Choose URLs to allow

Second, edit the profile or contribution page to enable remoteform. Here's an example of a profile page (look in Profile Settings -> Advanced Settings):

Enable remoteform for a contribution

Third, copy and paste the provided javascript code to your remote web site and you are done.

Profile shown on remote site

Can I configure how the fields are displayed.

Yes, the javascript api is fully documented. You can change just about everything.

Is this secure?

This extension does open a tiny hole in your CiviCRM armour. Specifically, it allows the sites you specify to by-pass the normal CORS restrictions.

CORS prevents one web site from getting your web browser to post data to another web site, unless the website you are posting to specifically allows it.

There is a good reason for CORS! The main reason is to prevent one malicious web site from taking over your browser and posting information to another web site without your knowledge (for example, a web site could secretly get your browser to change your password in your CiviCRM installation and then take over your account).

Remoteform mitigates against this danger in two ways:

  • You specify the sites to allow. If you specify your organization's web site, then a malicious user would have to take over your web site first

  • Remoteform refuses to operate if your browser is logged into your CiviCRM installation. Even if a malicious user could take over your site, they would not be able to do any damage to your site because all operations are performed as an anonymous user.

License

The extension is licensed under AGPL-3.0.

Requirements

  • PHP v7.0+
  • CiviCRM (5.69) This extension overrides the Contribution Page submit.php file, so you must be sure to run the exact version of CiviCRM specified.

Known Problems

If you or any one who wants to fill out a form generated by Remoteform has Privacy Badger or similar software that restricts javascript from passing data about your session to remote servers, then Remoteform won't work. It will, however, display a friendly warning suggesting that the user disable privacy badger or any other security restrictions that may be in place.

About

Remoteform allows you to easily create CiviCRM forms on a remote web site using a few lines of javascript code.

Resources

Readme

License

View license
Activity
Custom properties

Stars

13 stars

Watchers

10 watching

Forks

8 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 5

Languages