在不同的域上重定向iframe的父级 - 替代逻辑

Question

I know similar questions have been asked before, but I was wondering if anyone could help find a solution to a particular problem:

I have a form that I'd like to embed in a few different web sites, on different domains. This form needs to redirect to PayPal. The plan was to embed this form in an iframe, making it easy to update etc, plus minimal code to embed. However, due to same origin policy I cannot use parent.location.href = "http://PaypalPaymentAddress.com"; to redirect the form. I don't want to process the payment in the frame (Paypal anyway forbids this)...

The only way around this I can think of is having a script run and render the form into the parent page, calling a web service or so to get the HTML, but that would obviously be a lot of work!

Any ideas how I might set this up to get it working?

Answer 1

您可以使用目标属性"_parent"作为表单，当它将被提交时，目标URL将被加载到父窗口中。

Answer 2

My final method was based on Dr. Molle's answer, but slightly different. I have explained it here in case it is useful to anyone else:

I set up the form to submit normally, allowing all my server validation etc to only fire once. If the form submitted successfully (passes the server validation), a small html client page, containing an empty form was posted back.

This empty form has a post action of the parent page URL, and a target = "Parent" and on the client "document ready", a jQuery method submits the form, causing the parent page to reload.

A link with a "_top" attribute is also provided in case scripts are disabled.

<script type="text/javascript">
    jQuery(document).ready(function () {
        $("#redirectForm").submit();
    });
</script>
<a href="{parentpageurl}" id="redirectLink" target="_top">click here if not redirected automatically</a><br />

<form id="redirectForm" method="POST" action="{parentpageurl}" target="_parent">

</form>

One way of getting round the "Same Origin Policy", as this method works cross domain. Hope that helps somebody!