tags:

views:

987

answers:

3
+1  Q: 

Work around for the same origin policy problem

I have a problem where I have a frameset consisting of a parent frame loaded from one domain and a contained frame from a different domain. The contained domain also sets a cookie before the frameset is loaded. However, because of the 'same orgin' policy, enforced by most browsers, a contained frame will not pass cookies if it is not from the same domain as the parent.

Unfortunately I have no control over the parent frame (or its url) and the url for the contained frame is effectively static. So the only way to pass information to the contained site is via cookies.

The only solution I have come up with is to reload the contained domain in the parent frame but this negates some of the value of using frames in the first place.

Does anyone have a better work around for this problem?

+1  A: 

There are a lot of ways to do this. Here are two that I've used:

  1. Have both the parent and child load a script from a common source, using a tag. Scripts loaded in this way don't have same-origin issues, and the data they return becomes part of the document object and can interact with other scripts loaded by the document (this is the way that AJAST works).
  2. Create a reverse proxy in the parent domain, and load the frame via this proxy. To the browser, it appears that they're both served from the same domain. The downside is that this can affect caching, and bypasses any content delivery network (eg, Akamai) that you might be using.
kdgregory  2009-07-15 12:59:35
Unfortunately I have no control over the parent domain only the child domain.
Richard Dorman  2009-07-15 13:35:36
+1  A: 

There is also a right way of doing this in HTML 5 with postMessage. See here: http://ajaxian.com/archives/cross-window-messaging-with-html-5-postmessage

stefanw  2009-07-15 13:01:56
I need to support browsers that may not implement HTML 5
Richard Dorman  2009-07-15 13:38:51
A: 

There are a couple of methods of getting around the Same Origin Policy that is preventing your iframes from speaking to each other. If you control both servers then you can use Flash's crossdomain.xml file. If you don't control one of the servers or you would like to use JavaScript, then you are forced to use a "Cross-Domain Proxy", such as this one for java or python or php.

Cross-Site XHR is another option but it isn't supported by all browsers.

Rook  2010-05-26 08:19:55

related questions

Autosizing Textarea
Regular expression for parsing links from a webpage?
What are good tools for creating compiled HTML help files (.chm)?
Looking for WYSIWYG HTML editor
Any reason not to start using the HTML 5 doctype?
HTML comments break down
HTML Comments Markup
Setting a div's height in HTML with CSS
Wrapping lists into columns
Is a "Confirm Email" input good practice when user changes email address?
<XMP> Tag
HTML version choice
Options for HTML scraping?
How do you disable browser Autocomplete on web form field / input tag?
How do I make a checkbox toggle from clicking on the text label as well?
Html CSS Editor
Wordpress theme development offline tools
How do I give my web sites an icon for iPhone?
In HTML, how to word-break on a dash?
Detecting font in JavaScript
How do you test layout design across multiple browsers/OSs?
How do I print an HTML document from a web service?
Multiple submit buttons on a HTML form
How can I determine a web user's time zone?
Why doesn't the percentage width child in absolutely positioned parent work in IE7?