I have a need to add a custom header — e.g. `X-My-Custom-Header: my-header-value` — to the POST request sent by a Marketo embed on a third-party website. The header is needed by a security layer that we have protecting the subdomain used by our Marketo instance.
Has anyone ever tried something like this? Any creative JavaScript solution for intercepting/injecting the header into the POST request?
This seems kind of silly from a security standpoint? If it’s a static value that you add to every form post, a malicious person can just see the header on your site and send it themselves using a crafted POST. (This is a general reality with marketing forms: you can’t add meaningful authentication layers to them, because by definition they’re on public pages.)
In any case, yes, it is possible if you point to a custom XDFrame. As long as nobody is thinking “our forms are protected against forgery now”.
Thanks Sanford. The custom header value is not static, and isn't used for authentication, so shouldn't be easy to spoof.
Can you point me toward more information or examples of how I go about using a custom XDFrame?