tags:

views:

153

answers:

1
Q: 

Updating a http parent page from a https page via Javascript

Hi, I have a unsecure page which opens up a secure (https) page. The secure page needs to update the parent page via a javascript submit() while still remaining the current window. However when I try to do this via javascript I get an "Access Denied" javascript error because the parent page is unsecure.

Any idea of how I can access the parent page, when it isn't secure?

Here is the javascript code that I'm using to perform the submit...

self.opener.parent.frames.item('BODY').document.forms[0].submit();

A: 

Same-Origin-Policy in browsers means that you cannot do this directly. The "Origin" is composed of Scheme/Protocol and Hostname. In your case, the scheme mismatches, so the cross-document request is blocked.

You can use explicity x-frame communication techniques (Fragment Identifier Messaging or HTML5 PostMessage) to send a message to the outer page to execute an event-handler.

EricLaw -MSFT-  2009-07-19 17:01:47

related questions

Retrieving HTTP status code from loaded iframe with Javascript
How to specify an authenticated proxy for a python http connection?
Why does HttpCacheability.Private suppress ETags?
How to respond to an alternate URI in a RESTful web service
Is there a reason to use BufferedReader over InputStreamReader when reading all characters?
What would be a good, windows and iis (http) based distributed version control system
Database query representation impersonating file on Windows share?
How do I use NTLM authentication with Active Directory
Process raw HTTP request content
How would you implement FORM based authentication without a backing database?
Reading "chunked" response with HttpWebResponse
Best way to let users download a file from my website: http or ftp
How do I convert a date to a HTTP-formatted date in .Net / C#
What is the best way to upload a file via an HTTP POST with a web form?
How do I stop IIS7 dropping my cookies?
Checking FTP status codes with a PHP script.
HTTP Libraries for Emacs
Accessing post variables using Java Servlets
HTTP: Generating ETag Header
HTTP: How to know when to send a 304 Not Modified response
How do I best detect an ASP.NET expired session?
How can I make the browser see CSS and Javascript changes?
How to curl or wget a web page?
The Definitive Guide To Website Authentication
Implementation of "Remember me" in a Rails application.