Same Origin Policy to Forms

Forms work in same fashion as anchors or vice versa.

When a user submits a form, say when user make a POST request to siteb.com by submitting the form. The response loads in new context, the orginating site is replaced by the site where the action is defined.

 1<form action="http://store.sitea.com" class="form-signin">
 2          <h1 style="text-align: center;" class="h2 mb-6 font-weight-normal">Login to buy Gifts</h1><br>
 3          <label for="inputEmail" class="sr-only">Email address</label>
 4          <input type="email" id="inputEmail" class="form-control" placeholder="Email address" required autofocus>
 5          <label for="inputPassword" class="sr-only">Password</label>
 6          <input type="password" id="inputPassword" class="form-control" placeholder="Password" required>
 7          <div class="checkbox mb-3">
 8            <label>
 9              <input type="checkbox" value="remember-me"> Remember me
10            </label>
11          </div>
12          <button class="btn btn-lg btn-primary btn-block" type="submit">Sign in</button>
13          
14        </form>

Conclusion - Any website can make a POST request, but can't read the response in same context.