I have a question regarding the same-origin policy.
My company has many subdomains and in one of them they would like an iframe with another subdomain inside of it and populate the form of the iframe.
I have read about the document.domain property and that I would need to set it on all three domains, however I cannot easily test this due to each subdomain belonging to a different department. So here is my question:
Is this possible when the subdomains are both https, and the root domain is not? I looked at the examples on Wikipedia, but that didn't help me. Any help would be greatly appreciated.
Example:
https://x.company.org
https://y.company.org
http://company.org
x.company.org will have a page with an iframe of y.company.org which has a form that we would like to auto populate.
The Basics of the Same-Origin Policy
One such restriction is that scripts executing on http://example.com are not allowed to access resources on http://subdomain.example.com. Restrictions are applied based on the document's origin where an origin is defined in RFC 6454 Section 4.
Yes you have to enable it. You have to send CORS allow headers from server side to your browser. This is because a subdomain counts as a different origin.
The same-origin policy restricts which network messages one origin can send to another. For example, the same-origin policy allows inter-origin HTTP requests with GET and POST methods but denies inter-origin PUT and DELETE requests.
Changing Origin
Occasionally, the same origin policy may block requests between subdomains on the same domain. The easiest way to solve this problem is to set document.domain from within JavaScript.
The things that define a domain in this context are protocol, port and domain so http://abc.com and https://abc.com are considered different domains by your browser (http vs https).
http://en.wikipedia.org/wiki/Same_origin_policy#Origin_determination_rules
https://x.company.org and https://y.company.org are also considered separate domains but they can both relax their domain setting to https://company.org and cross-communicate.
http://en.wikipedia.org/wiki/Same_origin_policy#document.domain_property
There's another option available to you now as HTML5 is in all the major browsers. Using the HTML5 postMessage you can communicate across domains, assuming the receiving domain wants to accept the message and respond.
http://html5demos.com/postmessage2
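The postMessage approach from the answer above, applied to the question's x.company.org page and y.company.org iframe, as an added example that is not part of the original answer. The message type and form field names are assumptions; the receiver accepts only the exact parent origin and an allowlisted set of fields. The same pattern applies in browsers where the document.domain setter is deprecated.

```javascript
// Added example. Hostnames come from the question; the message type and
// the field names are assumptions made for illustration.
const PARENT_ORIGIN = "https://x.company.org"; // page that embeds the iframe
const FRAME_ORIGIN = "https://y.company.org";  // page that owns the form
const ALLOWED_FIELDS = new Set(["firstName", "lastName", "email"]); // hypothetical

// Runs on x.company.org: send values to the iframe's window.
// An explicit targetOrigin (never "*") makes the browser drop the message
// if the frame has been navigated to any other origin.
function sendPrefill(frameWindow, values) {
  frameWindow.postMessage({ type: "prefill", values }, FRAME_ORIGIN);
}

// Runs on y.company.org: validate sender and payload, then fill the form.
// `fields` maps field name -> input element (anything with a .value property).
// Returns the names of the fields that were actually populated.
function handlePrefill(event, fields) {
  // Exact comparison: substring or suffix checks would also accept
  // look-alike hostnames and the plain-http root domain.
  if (event.origin !== PARENT_ORIGIN) return [];
  const data = event.data;
  if (!data || data.type !== "prefill") return [];
  if (typeof data.values !== "object" || data.values === null) return [];
  const filled = [];
  for (const [name, value] of Object.entries(data.values)) {
    if (!ALLOWED_FIELDS.has(name) || typeof value !== "string") continue;
    if (!Object.prototype.hasOwnProperty.call(fields, name)) continue;
    fields[name].value = value; // assigned as text, never as HTML
    filled.push(name);
  }
  return filled;
}

// Browser wiring on the framed page (skipped outside a browser, e.g. Node).
if (typeof window !== "undefined" && typeof document !== "undefined") {
  if (window.location.origin === FRAME_ORIGIN) {
    window.addEventListener("message", (event) => {
      const fields = {};
      for (const name of ALLOWED_FIELDS) {
        const el = document.querySelector(`form [name="${name}"]`);
        if (el) fields[name] = el;
      }
      handlePrefill(event, fields);
    });
  }
}
```

On the parent page, call `sendPrefill(iframeElement.contentWindow, {...})` only after the iframe's `load` event, otherwise the listener in the frame may not be registered yet.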