views:

153

answers:

1

Hi, I have a unsecure page which opens up a secure (https) page. The secure page needs to update the parent page via a javascript submit() while still remaining the current window. However when I try to do this via javascript I get an "Access Denied" javascript error because the parent page is unsecure.

Any idea of how I can access the parent page, when it isn't secure?

Here is the javascript code that I'm using to perform the submit...

self.opener.parent.frames.item('BODY').document.forms[0].submit();

A: 

Same-Origin-Policy in browsers means that you cannot do this directly. The "Origin" is composed of Scheme/Protocol and Hostname. In your case, the scheme mismatches, so the cross-document request is blocked.

You can use explicity x-frame communication techniques (Fragment Identifier Messaging or HTML5 PostMessage) to send a message to the outer page to execute an event-handler.

EricLaw -MSFT-