1

I need a javascript form filler that can bypass the 'same origin policy' most modern browsers implement.

I made a script that opens the desired website/form in a new browser. With the handler, returned by the window.open method, I want to retrieve the inputs with theWindowHandler.document.getElementById('inputx') and fill them (access denied).

Is it possible to solve this problem by using Isapi Rewrite (official site) in IIS 6 acting like a reverse proxy? If so, how would I configure the reverse proxy?

This is how far I got:

RewriteEngine on
RewriteLogLevel 9
LogLevel debug 

RewriteRule CarChecker https://the.actualcarchecker.com/CheckCar.aspx$1 [NC,P]

The rewrite works, http://ourcompany.com/ourapplication/CarChecker, as evident in the logging. From within our companysite I can run the carchecker as if it was in our own domain. Except, the 'same origin policy' is still in force.

Regards,

Michel

1 Answers1

0

While still a bit fuzzy on the details (which browser for example, and which domain is hosting the original call to window.open and what the new domain is)...

You might be approaching this from the wrong angle. While a reverse proxy could in theory be used to assist in the cross-domain issues, there are going to be a ton of problems in getting this right. You will be fixing a never ending stream of problems with the content being modified and other things you can't even begin to imagine. And it is just generally a bad idea to try a circumvent the browser security in this way. I would strongly recommend going down one of two routes:

1) Purchase some software like RoboForm that functions as an add-on to your browser, and isn't limited to the security model inside the browser.

2) Rewrite some of your JavaScript logic in Bookmarklets and JSONP requests. Look at how the "Note in Google Reader" or the "Note in Evernote" bookmarklets (or chrome extensions) do it - this is basically what you are going to need to do.

Goyuix
  • 3,164
  • 5
  • 28
  • 37