jquery ajax post to non-ssl page while current page is ssl - php

Ok, situation:
an https / ssl page
jquery
a form
submitted via ajax to a non-ssl page
getting no useful response
the same scenario, non-ssl to non-ssl works perfect.
I can view my console, but can't get any useful info from it why the request fails...
$.ajax({
    type: "POST",
    url: form.attr("action"),
    data: form.serialize(),
    error: function(res){ console.log(res) },
    notmodified: function(res){ console.log(res) },
    parsererror: function(res){ console.log(res) },
    timeout: function(res){ console.log(res) },
    success: function(res){ alert('succes!'); }
});

You can't make AJAX calls from a non-SSL page to an SSL URL. This violates the SOP (Same Origin Policy) because the protocols (HTTP vs HTTPS) are different. Some old browsers don't have this restriction, but all new ones enforce it now.
Read this article for more details:
http://code.google.com/p/google-web-toolkit-doc-1-5/wiki/FAQ_SOP
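The origin comparison behind this thread, as an added example that is not part of the original posts: it resolves a form action against the page URL, reports which parts of the (scheme, host, port) origin differ, and flags the HTTPS-page-to-HTTP-endpoint case from the question, which current browsers block as mixed content before any request leaves. The host shop.example and the verdict strings are assumptions made for illustration.

```javascript
// Added example, not code from the page. shop.example is a constructed host.
// Loopback exceptions (http://localhost) are not modelled.
function classifyRequest(pageUrl, targetUrl) {
  const page = new URL(pageUrl);
  // A form's action attribute may be relative, so resolve it against the page.
  const target = new URL(targetUrl, page);

  // An origin is the (scheme, host, port) triple; record which parts differ.
  // URL normalises default ports, so https://host and https://host:443 match.
  const differs = [];
  if (page.protocol !== target.protocol) differs.push("scheme");
  if (page.hostname !== target.hostname) differs.push("host");
  if (page.port !== target.port) differs.push("port");
  const sameOrigin = differs.length === 0;

  // XHR from an HTTPS page to an http: URL is mixed content: the browser
  // refuses to send it, and the jQuery error callback only sees status 0.
  const mixedContent = page.protocol === "https:" && target.protocol === "http:";

  let verdict;
  if (mixedContent) verdict = "blocked: mixed content";
  else if (sameOrigin) verdict = "allowed: same origin";
  else verdict = "cross-origin: response readable only if the server grants CORS";
  return { sameOrigin, mixedContent, differs, verdict };
}

// Constructed cases: [page, form action].
const cases = [
  ["https://shop.example/checkout", "http://shop.example/submit.php"],
  ["http://shop.example/checkout", "http://shop.example/submit.php"],
  ["http://shop.example/checkout", "https://shop.example/submit.php"],
  ["https://shop.example/checkout", "/submit.php"],
];
for (const [page, action] of cases) {
  console.log(page, "->", action, ":", classifyRequest(page, action).verdict);
}
```

Serving the form endpoint over HTTPS on the same host turns the first case into the last one.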

Related

How to securely post data from 3rd party API https page to own server

I am using an API where I can put my script on the 3rd party checkout page (https). I need to fetch the details that the user is entering on the checkout page.
I placed a JavaScript file there and, using a JSONP AJAX request on click of the 'Order' button, I am sending the user's form information in serialized form to my own server (http).
$(document).ready(function(){
    $('.place_order.btn').click(function(){
        var formData = $('form').serializeArray();
        $.ajax({
            type: 'POST',
            url: 'http://myserver-script/test.php',
            crossDomain: true,
            data: formData,
            dataType: 'jsonp',
            success: function(responseData, textStatus, jqXHR) {
                alert('POST Success');
            },
            error: function (responseData, textStatus, errorThrown) {
                alert('POST failed.');
            }
        });
    })
});
What are the steps that I need to follow to make information transfer secure?
Thanks

Error in CORS ajax request

In PHP I do echo json_encode($dump);
If I echo it out using PHP I get {"load":"0.64 0.58 0.52 2\/361 12978\n","procs":"8\n"}
Then I make a CORS request using dataType: jsonp
$(function () {
    $.ajax({
        type: "POST",
        ContentType: 'application/json; charset=utf-8',
        url: 'http://labs.isaumya.com/loadtest/load',
        dataType: "jsonp",
        success: function (response) {
            console.log(response.data);
        },
        error: function (xhr, status, error) {
            console.log(error);
        }
    });
});
I get this error on the console:
DEMO

You are dealing with JSON, not JSONP. dataType: "jsonp" should be dataType: "json".
You can remove the data parameter entirely if your server outputs the correct content-type header for JSON (application/json).
JSONP is a hack to work around the Same Origin Policy from before CORS was designed and implemented by browsers. CORS is the modern approach to making cross origin requests. You use it instead of JSONP.
Both CORS and JSONP are technologies that must be supported by the server. http://labs.isaumya.com/loadtest/load doesn't appear to support either. You will have to modify the server if you want it to supply data in JSONP format or grant permission with CORS.
Unrelated to your actual problem:
You have no data parameter, so you aren't sending JSON to the server; remove the ContentType parameter. Since you aren't POSTing any data, you should probably be making a GET request, not a POST request.

CROSS DOMAIN ISSUE--jsonp not working

I need to access a PHP file from another server,
i.e., the server which I have doesn't support PHP. I need to send email from this.
I tried going cross-domain to a server which has PHP and a PHP function to send email.
I tried this using JSONP.
This is my code:
var app = 'http://www.maildomain.com/mail.php';
$.ajax({
    url: app,
    async: true,
    dataType: "jsonp",
    jsonp: "jsoncallback",
    type: "POST",
    success: function(html){
        alert("aa");
    },
    error: function(){
    }
});

Disable same origin policy in Chrome.
Go to this link
It should work after you have done this.
It's Google Chrome that is causing the cross-domain issue.

Thanks for the answers given.
Everybody was close to the answer.
I got it anyway... it was the asynchronous parameter which was causing the problem. It needed to be set to false.
This worked:
var app = 'http://www.maildomain.com/mail.php';
$.ajax({
    url: app,
    async: false,
    dataType: "jsonp",
    jsonp: "jsoncallback",
    type: "POST",
    success: function(html){
        alert("aa");
    },
    error: function(){
    }
});

AJAX headers ending up in HTTP_ACCESS_CONTROL_REQUEST_HEADERS on PHP side

I'm trying to get the Salesforce REST API to work and I've debugged my problem down to this point:
When I make an AJAX call from my web app to my back-end (which is on a different domain than the backend), all of the AJAX headers end up crammed into $_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'] and there is no way for me to get access to their values.
return $j.ajax({
    type: 'POST',
    url: my_endpoint_url,
    cache: false,
    processData: false,
    data: 'grant_type=refresh_token&client_id=' + this.clientId + '&refresh_token=' + this.refreshToken,
    success: callback,
    error: error,
    dataType: "json",
    beforeSend: function(xhr) {
        if (that.proxyUrl !== null) {
            xhr.setRequestHeader('SalesforceProxy-Endpoint', url);
        }
    }
});
On the server side, I only receive:
[HTTP_ACCESS_CONTROL_REQUEST_HEADERS] => accept, salesforceproxy-endpoint, doiwork, origin, content-type
How can I access the value of "salesforceproxy-endpoint" over on the server side? Likewise, I can't seem to find the "data" of the ajax call anywhere..
UPDATE: Just for giggles I moved my end-point to the same domain. Now it is working as expected.
[HTTP_SALESFORCEPROXY_ENDPOINT] => https://login.salesforce.com//services/oauth2/token
Is there any way to get this working cross domain?

You just became aware of what the same-origin policy is ;)
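The server-side half of CORS that the answers in the two threads above refer to, as an added example that is not part of the original posts: a cross-origin request carrying custom headers is preceded by an OPTIONS preflight that lists only header names in Access-Control-Request-Headers, and the header values and POST body arrive on the follow-up request once the preflight is approved. The allowlists, the handleCors function and the origin app.example are assumptions made for illustration.

```javascript
// Added example, not code from the page. The allowlists are assumptions
// modelled on the question; https://app.example is a constructed origin.
const ALLOWED_ORIGINS = new Set(["https://app.example"]);
const ALLOWED_METHODS = ["GET", "POST"];
const ALLOWED_HEADERS = ["content-type", "salesforceproxy-endpoint"];

// req: { method, headers } with lower-cased header names (as Node delivers them).
// Returns the status and headers to send, and whether the real handler should run.
function handleCors(req) {
  const origin = req.headers["origin"];
  const out = { status: 200, headers: { Vary: "Origin" }, runHandler: true };
  if (!origin) return out; // same-origin or non-browser client
  if (!ALLOWED_ORIGINS.has(origin)) {
    // Unknown origin: no CORS grant. Preflights are refused outright; other
    // requests still run, but the calling script cannot read the response.
    if (req.method === "OPTIONS") return { ...out, status: 403, runHandler: false };
    return out;
  }
  out.headers["Access-Control-Allow-Origin"] = origin; // echo the allowlisted origin
  const wantedMethod = req.headers["access-control-request-method"];
  if (req.method !== "OPTIONS" || !wantedMethod) return out; // the actual request
  // Preflight: it carries only the NAMES of the headers the script wants to send.
  const wanted = (req.headers["access-control-request-headers"] || "")
    .split(",").map((h) => h.trim().toLowerCase()).filter(Boolean);
  const ok = ALLOWED_METHODS.includes(wantedMethod) &&
    wanted.every((h) => ALLOWED_HEADERS.includes(h));
  if (!ok) return { status: 403, headers: { Vary: "Origin" }, runHandler: false };
  out.status = 204;
  out.runHandler = false; // never run business logic on a preflight
  out.headers["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
  out.headers["Access-Control-Allow-Headers"] = wanted.join(", ");
  return out;
}

// Constructed requests mirroring the question: first the preflight, then the POST.
const preflight = { method: "OPTIONS", headers: {
  origin: "https://app.example",
  "access-control-request-method": "POST",
  "access-control-request-headers": "salesforceproxy-endpoint, content-type" } };
const actual = { method: "POST", headers: {
  origin: "https://app.example",
  "content-type": "application/x-www-form-urlencoded",
  "salesforceproxy-endpoint": "https://login.salesforce.com//services/oauth2/token" } };
console.log(handleCors(preflight));
console.log(handleCors(actual));
```

A server that inspects only the OPTIONS request sees what the question shows: a list of names and no values.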

full URL path in ajax

Is it okay to put full URL path in ajax? I'm having problems accessing the url and I'm getting status 0 for my error response.
$.ajax({
    url: "http://fullurlpath.com/php/myphppagedata.php",
    type: "GET",
    data: "somedata="+somedata,
    error: function(XMLHttpRequest, textStatus, errorThrown) {
        alert(XMLHttpRequest.responseText);
    }
}).error(function(xhr){
    alert(xhr.responseText);
    alert(xhr.status);
}).done(function(data){
    alert(data);
});
Also, inside my http://fullurlpath.com/php/myphppagedata.php I have
header('Access-Control-Allow-Origin: *');

http://en.wikipedia.org/wiki/Same_origin_policy
http://bob.ippoli.to/archives/2005/12/05/remote-json-jsonp/

Instead of requesting it with your client's browser using jQuery, I would make a page on your own domain, for instance call it request.php with:
echo file_get_contents("http://fullurlpath.com/php/myphppagedata.php");
This way your server will request the resource, so that you won't have the same origin policy issues. Then ajax this file instead.
$.ajax({
    url: "request.php",
    ...
You can also use cURL instead of file_get_contents() for more elaborate functionality.
