Before we can explain the solution to this problem, we need to explain the mechanism that makes sending requests to external servers possible. First of all, browser don’t allow AJAX requests that go beyond the domain from which the page was served. That is why an attempt to send a request manually to our service with an XMLHTTPRequest object would end in a security alert. To bypass this protection and enable custom element developers to integrate external services, ActiveForms offers a proxy mechanism for requests from custom elements.
When a sendRequest function is used in custom element code, the request is not sent directly to the specified URL. It is sent to the ActiveForms server, which acts as a proxy and forwards the request to the target server. Obviously, the response returns the same way. The request and response headers are transferred.
This solution allows us to modify the address where the request really goes on the ActiveForms server. The custom element can be configured so that a fixed string can be attached to specific requests sent from the element. In the custom element Properties select yes in External request suffix and specify:
From now on, all requests sent by the given custom element to an address that begins with the specified phrase will be complemented (by concatenation) by the specified string. In practice, you can write the following:
Request suffix: ?user=adam&pass=auFd832f
Beginning of the URL: https://myserver.com/products
Moreover, since a custom element usually sends requests of only one type, you can write:
Request suffix: myserver.com/products?user=adam&pass=auFd832f
Beginning of the URL: https://
If you want additional protection for the server against external requests, it is a good idea to cut off traffic from servers other than ActiveForms at the network layer level.