You should be running Munchkin and using the Forms API (not the REST API) to submit these custom forms to Marketo. Anything else is creating both an attribution encumbrance and a DoS attack vulnerability.
I'm also facing a similar issue.
Here are steps to reproduce this issue.
- From an external (usual advertisement) site, click an advertisement link
- My website's form page loads Munchkin; the user submits a form from this page, which submits to my website's backend
- From the backend, I'm sending a POST request to Marketo
I can see my website's form page in Original Referrer, but I want to see the external (origin) site.
Any help on this issue will be highly appreciated.
The referrer is not always present for reading, particularly if your page is running over http:// but the referring page was running over https:// (this is a longstanding browser security rule that must be deliberately overridden by the referrer).
I strongly recommend you use the typical Marketo form flow, not something hacked-together on your back end.
Thanks for the quick reply, Sanford,
I had to route all form submissions via a customized backend to sanitize submitted data, because Marketo is vulnerable to XSS.
Marketo was accepting scripts such as: <script>alter('marketo is vulnerable to XSS')</script>
I'm not sure if Marketo has resolved this vulnerability at their end. Can anyone from the Marketo team please confirm if this XSS issue is resolved?
Sanitize your output. There's no XSS unless you echo that value in an executable context.
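What the last reply describes, as an added example (not code from the thread or from Marketo): the submitted value is stored unchanged and encoded for the context it is echoed into. The function names, the page templates and the use of the quoted value as a first-name field are assumptions made for illustration.

```javascript
// Added example: the stored value is kept verbatim; encoding happens at output,
// chosen by the context the value is written into.

// Constructed sample: the field value quoted in the thread, stored as-is.
const storedFirstName = "<script>alter('marketo is vulnerable to XSS')</script>";

// HTML text and quoted-attribute context: neutralise markup metacharacters.
function encodeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Inline <script> context: JSON.stringify gives a valid JS string literal, but
// "</script>" inside it would still end the script element, so escape <, >, &
// and the line separators U+2028/U+2029 as \uXXXX.
function encodeJsString(value) {
  return JSON.stringify(String(value)).replace(
    /[<>&\u2028\u2029]/g,
    (ch) => "\\u" + ch.charCodeAt(0).toString(16).padStart(4, "0")
  );
}

// Hypothetical templates for an internal page that echoes a lead field.
function renderUnsafe(name) {
  return `<td>${name}</td>`; // raw echo: markup in the value becomes markup in the page
}

function renderSafe(name) {
  return (
    `<td title="${encodeHtml(name)}">${encodeHtml(name)}</td>` +
    `<script>var leadName = ${encodeJsString(name)};</script>`
  );
}

console.log(renderUnsafe(storedFirstName));
console.log(renderSafe(storedFirstName));
```

The same stored value needs a different encoder in each output context, which is why cleaning it once at submission time does not cover every place it is later echoed.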