Drag and drop cross domains, iframes, browsers windows

Question

Thanks stackoverflow i solved a lot of my javascript problems, but now i stopped at the point without hope. It is hard to describe, there is clear video shows my problem with drag drop cross-domains iframe.

http://www.youtube.com/watch?v=v65mO27h75E

• First part in Iceweasel (and FF, Opera) = iframe d&d work OK.
• Second part in Chromium (and Chrome) = iframe d&d NOT work.

and there are links to example iframes set and iframes sources:

• parent page: http:// msdrop.com/msdrop-jquery-test-iframe-frameset.htm
• iframe A: http:// msdrop.com
• iframe B: http:// nextgd.com/msdrop-jquery-test-iframe.htm

Is it Chrome bug, or security that comes under "Same origin policy"? This is strange because d&d works excellent between two windows, and want not work at all from parent window to iframe.

Thanks for suggestions. Piotr

EDIT: It's possible Chrome/Chromium security mitigation is overly broad. Issue 251718: https://code.google.com/p/chromium/issues/detail?id=251718

Answer 1

Now, at: http://msdrop.com/msdrop-jquery-test-iframe-frameset.htm there are 4 iframes

• IFRAME A: the same domain as parent
• IFRAME B: other domain
• IFRAME C: the same domain + sandbox="allow-scripts"
• IFRAME D: other domain + sandbox="allow-scripts"

In FF, all frames works that i expects.

In Chrome, and Chromium only on iframe A works all dragover, dragenter, dragleave, and drop events.