Closed jfornoff closed 3 years ago
kjhnns
commented
6 years ago you r perfectly right - the xhr destination is on the same domain though. thus, before running into any XSS issues (no ssl on our server yet) we opted to only support our instance of sosci i will try the absolute path
jfornoff
commented
6 years ago We were asked to embed these snippets into our seminar surveys, and those are not hosted on your Sosci instance as far as i understand, the call definitely 404s on the standard soscisurvey.de
True on the XSS though, might have to change the Access-Control-Allow-Origin depending on what it's set to currently 🤔
kjhnns
commented
6 years ago Usually the experiments of our chair are operated by this sosci instance http://umfragen.ise.tu-darmstadt.de/sosci/
Therefore, the sendy instance is http://umfragen.ise.tu-darmstadt.de/sendy/
yeah no doubt that there is room for improvement - first and foremost I would like to see some letsencrypt on that server.
You could either migrate the existing experiment with the sosci import/export feature or you redirect the participants to the designated sosci signup form http://umfragen.ise.tu-darmstadt.de/sendy/subscription?f=tUUkjJld1MDQOfE4Xpk7wZtXUhG892X892VBWp3BUy6wU8K0qqrhhLujaGa1vYtGID65VcUvJoGtDwVBbSBYzG1FAg
gregoralbrecht
commented
3 years ago Closing this as WONTFIX
The snippet will not work since the
XMLHttpRequestis opened to a relative URL, therefore the request will be sent to the host that the snippet is embedded in :^)