0

We're building a SAML solution, which at one stage involves us serving up a html form with various parameters prefilled, set to POST to an endpoint on a web service independent of us. This form is then automatically submitted via JavaScript. (i.e. this is SAML POST binding)

For debugging, it would be absurdly useful if we could find out if this auto-POST was successful. Does anybody have any ideas on how we could do that? Simply being able to get the HTTP status code, or being able to find out if the request times out, would be hugely helpful.

Current progress:

As far as I can tell, there's no way to check the actual result of the submission of a form directly, and I don't think you can get the status of the next request from the onunload event.

We'd be prepared to restructure this to instead do the POST with AJAX, but I don't think we can make this work against the other endpoint's domain. I'm also wondering if we could load the other page in a frame and get some information of that somehow, but I know that does also have its own set of cross-domain restrictions.

Finally we could try doing the POST server-side first and analysing that, but it's quite likely that the server we're hitting is on a network only locally available to the client, so that's probably just not feasible, in addition to having all sorts of problems with replay and so forth.

Any ideas or solutions would be extremely useful!

Improve this question

2 Answers 2

Reset to default
0

For testing, how about the browser's built-in debugging? Chrome lets you see all the web requests, including headers (described here), and Firebug has something similar.

If you're talking about knowing the result not just during testing, but getting the POST success status back from your users, then I think the cross-domain restrictions are too strong, unless:

  • the third-party service supplies some kind of "did it work" URL you can access with JSONP
  • the third-party service is configured to allow cross-site AJAX using CORS (MDN docs)
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

We've been using that as we develop at the moment, but we're going to deploy this soon and the people who'll be using the browsers are our customers. We're trying to get to a position where if they have an error doing the POST, we can send a quick AJAX request off to an endpoint on our end somewhere and record the fact that it failed, and the data we were trying to send.
Hmm, I'm not sure there's much you can do there. Is there a way of querying the third-party web service for success? If so, could you just wait 10 seconds or so, and check some other URL using JSONP or something. Not ideal, but...
0

Here is the basic example of an AJAX request:

var xmlhttp;
if (window.XMLHttpRequest)
    xmlhttp=new XMLHttpRequest();
else
    xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");

xmlhttp.onreadystatechange=function()
{
    if (xmlhttp.readyState==4 && xmlhttp.status==200)
        document.getElementById("myDiv").innerHTML=xmlhttp.responseText;
}
xmlhttp.open("GET","ajax_info.txt",true);
xmlhttp.send();

Notice the line with xmlhttp.status == 200. You should be able to check this variable to see what status is returned from the AJAX call. So you could do something like this:

var xmlhttp;
if (window.XMLHttpRequest)
    xmlhttp=new XMLHttpRequest();
else
    xmlhttp=new ActiveXObject("Microsoft.XMLHTTP");

xmlhttp.onreadystatechange=function()
{
    console.log("STATUS = "+ xmlhttp.status);
}
xmlhttp.open("GET","ajax_info.txt",true);
xmlhttp.send();

Is that what you're looking for?

Improve this answer

6 Comments

The issue is that the site we're posting to is on another domain, and I'm fairly sure the same origin policy will make these cross-domain AJAX requests always fail in the browser. Is there a way around that?
It's possible that you already know more about this than I do...but do you know about crossdomain.xml files? I know that for a project I was working on, I needed a crossdomain.xml file on the target server in order to make an AJAX call from the source server. If you don't know about crossdomain.xml files, just Google that and you will get a slew of info about it. Sorry if I'm way off-base about this. Like I said, I may be way out of my league here.
I didn't realise crossdomain.xml was used for AJAX requests as well - I thought it was just an Adobe thing.
@cloudfeet: Actually, you might be right about that. Now that I think about it, I might have used crossdomain.xml for making a cross-domain call from Flash. This post offers what might be a good solution...
@Travesty3 Depends what the POST actually does. If it's authentication, then it might be doing something like setting a cookie on the other domain, which using a PHP proxy wouldn't preserve.
|

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.