{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 在下西门庆 的问题《Submitting a form to another server: Do I need an》','https://www.manongdao.com/q-1042833.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
So I was asked to look at reconstructing a section of a website which I didn't build. One of the issues I'm running into is a contact form which is being loaded through an iFrame from another server. Obviously, the form's action submits to the other server, and the information is stored in a database for the client to see later.
I've never had to deal with something like this before and I'm wondering if I need to go through some sort of API the host may be able to provide, or can I recreate the form so I can style it and just have it submit to the same server. Sorry for the noob level of this question, but I'm just looking to be pointed in the right direction.
Actually, this type of reject might or might not happen: Since a server needs to read the referrer to reject, but the referrer isn't sent by each and any browser.
Additionally, beware of protection mechanisms like session ids. Or some kind of authorization hash injected into forms as a hidden field.
While what you are planning to do, technically works (I have done it myself on several occasions), it is possible the remote host might reject POST data from locations other than itself.
For example, if your site is running at www.example.com and the host site is running www.host.com The server running at host.com will be able to determine if you are sending POST data from example.com. This again, is only a problem if they are cross site checking.
Since you don't have access to their server to know, you will just have to try it and see.