Posting form with a https:// action to hidden iframe

I have the following on a page:

<iframe w开发者_运维问答idth="1" height="1" name="hidden-iframe">
<form id="myform" method="POST" action="https://mysite.com/process-form-data.php" target="hidden-iframe">
<input name="data" />
<input type="submit" value="Submit" />
</form>
<script type="text/javascript">
    $('#myform').submit(function(){
        $('#myform').submit();
        setTimeout("location.reload(true);",5000);
        return false;
    });
</script>

I want the form to be POSTed to the hidden iframe, wait 5 seconds (to give the form data plenty of time to be sent) and then refresh the page.

This process works just great if the form action is http.

However, when the form action is https, when the user hits Submit, the form data is sent and https://mysite.com/process-form-data.php is loaded by the browser. The form data doesn't get posted to the hidden iframe, there is no 5 second timeout, and the original page is not refreshed.

Any idea how to make the stated goal happen? I should add that the action of the form is on a different domain than the page itself. Clearly there must be some kind of cross-domain security issue happening here. Is there some better way to do this? I'm open to any suggestions.

Yes this is a cross-domain security issue. I believe you'd have the same problem even if they were on the same domain but one was SSL (https) and the other not (http).

Is it possible to build a service (on https://mysite.com/) to receive your post? You can then do an AJAX post and act upon the response with the JavaScript on your site. This would also be much more robust than "wait 5 seconds"

Hope this helps and is an option. Failing that, your remaining option is to redirect to the new domain's form directly (no iframe, whole new page) and then redirect back to your site. Clunky, but honest to end-users. A (real, window.open()) popup may make it slightly less jarring.