0

I've got two domains A and B.

A hosts a form A/inquire that submits a post request to B/form-submission B accepts a POST request at B/form-submission and redirects to A/thankyou

One tricky thing here is that A hosts the form from within an <iframe> so when the user submits the form the iframe bounces to B then back to A.

About 10-20% of users experience an issue where submitting the form results in the iframe not getting redirect to A/thankyou, but the form data always gets saved so B/form-submission's script must be finishing.

B/form-submission (PHP):

header('Access-Control-Allow-Origin: *');
header("Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Accept-Encoding");
header('Access-Control-Allow-Methods: GET, POST, PUT');

... process form and insert data into db - works 100% of the time ...

header("Location: A/thankyou");
exit();

Of course, I am unable to reproduce this myself...

Is there a way to improve the reliability of this? It doesn't appear to be related to my form processing because the last thing that happens before the redirect is a database insertion that always goes through.

neophyte
  • 6,540
  • 2
  • 28
  • 43
Max Hudson
  • 9,961
  • 14
  • 57
  • 107

1 Answers1

0

Thanks to commenters Gabriel and Taron.

Ruby on rails 4 app does not work in iframe

The setting that breaks iFrames on remote sites is X-Frame-Options. By default, this is set to SAMEORIGIN, which prevents the content from being loading cross domain:

config.action_dispatch.default_headers = {
    'X-Frame-Options' => 'SAMEORIGIN'
}

Adding this fixed my problem

Community
  • 1
  • 1
Max Hudson
  • 9,961
  • 14
  • 57
  • 107