javascript - auto login remote site inner in iframe

Question

I have an existing remote site which has Authentication to access, now I want to combine this site in my own site using iframe. Is there any solution which can help to auto login remote site when load the iframe?

<iframe src="http://remote.com/list"></iframe>

If want to access http://remote.com/list, login require and only post username/password works. How to auto login when iframe loaded?

Here are some restriction

• login only works with post method
• iframe / javascript has cross domain issue
• no login API provide
• no other modification can do in remote site

Answer 1

Everything's possible. However the solution below is very insecure due to disclosure of access details to the remote page.

<form id="login" target="frame" method="post" action="http://remote.com/login">
    <input type="hidden" name="username" value="login" />
    <input type="hidden" name="password" value="pass" />
</form>

<iframe id="frame" name="frame"></iframe>

<script type="text/javascript">
    // submit the form into iframe for login into remote site
    document.getElementById('login').submit();

    // once you're logged in, change the source url (if needed)
    var iframe = document.getElementById('frame');
    iframe.onload = function() {
        if (iframe.src != "http://remote.com/list") {
            iframe.src = "http://remote.com/list";
        }
    }
</script>

The values of username and password inputs are readable on the client side.