Let’s say I’m at http://www.domain.com/page.html.
I want to submit this form:
<FORM METHOD="post" ACTION="https://DifferentSite.com/processForm.aspx">
....
</FORM>
Is the server at www.domain.com actually seeing any of the information from the form at ANY point? Or is this coming directly from the client to DifferentSite.com?
The reason I ask: in the example shown above, the form submission calls an HTTPS URL, and the site I’m on is HTTP only (no SSL). It also has PCI compliance implications if the domain.com server does see and transmit the form info (even if encrypted).
Thanks all.
Not intrinsically, but it could sniff it with JavaScript before submission (or change the URL since that is set by that site).
Yes
A man-in-the-middle attack could rewrite the form to send the data elsewhere (or copy it elsewhere and let the submission continue to the intended site).
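The points made in the replies above, as an added example that is not part of the original thread: a small Python audit that reports, for each form on a page, which origin the browser sends the fields to and whether the hosting page could still read or redirect them. The names `audit_forms` and `FormAudit`, the finding keys and the sample markup are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormAudit(HTMLParser):
    """Collects each <form> action and counts <script> elements on one page."""

    def __init__(self):
        super().__init__()
        self.actions = []  # raw action attribute per form ("" posts to the page URL)
        self.scripts = 0

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")
        elif tag == "script":
            self.scripts += 1


def origin(url):
    parts = urlsplit(url)
    return (parts.scheme.lower(), parts.hostname or "", parts.port)


def audit_forms(page_url, html):
    """Return one finding dict per form found in the page's HTML."""
    parser = FormAudit()
    parser.feed(html)
    page_is_plain_http = urlsplit(page_url).scheme.lower() == "http"
    findings = []
    for action in parser.actions:
        target = urljoin(page_url, action)  # resolve relative actions
        findings.append({
            "target": target,
            # The browser sends the fields to this origin, not to the page's server.
            "posts_to_other_origin": origin(target) != origin(page_url),
            "submission_encrypted": urlsplit(target).scheme.lower() == "https",
            # Markup served over HTTP can be altered in transit, action included.
            "form_markup_tamperable": page_is_plain_http,
            # Scripts on the hosting page can read field values before submit.
            "page_scripts": parser.scripts,
        })
    return findings


# Constructed sample mirroring the page and form in the question.
SAMPLE_PAGE_URL = "http://www.domain.com/page.html"
SAMPLE_HTML = ('<script src="/site.js"></script>'
               '<FORM METHOD="post" ACTION="https://DifferentSite.com/processForm.aspx"></FORM>')
```

For the sample, the finding shows an encrypted submission to a different origin from a page whose markup is delivered over plain HTTP, which is the combination the replies describe.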