Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

What does document.domain = document.domain do?

The client-side JS component of Orbited (a Comet server), requires that if the server is running on a different domain or port to the JS itself, you must execute

document.domain = document.domain; 

before any other JS is loaded. (See the documentation.)

What does this do? It looks like a NOOP! (I've checked and it is in fact necessary.)

like image 248
mjs Avatar asked Sep 26 '09 13:09

mjs


People also ask

Why is it bad to set the document domain to a parent domain?

It undermines the security protections provided by the same origin policy, and complicates the origin model in browsers, leading to interoperability problems and security bugs. Attempting to set document. domain is dangerous.

What is domain in JavaScript?

Definition and Usage. The domain property returns the domain name of the server (the document was loaded from). The domain property returns null if the document was created in memory.

What is domain in HTML?

A domain name is a website's address on the Internet. Domain names are used in URLs to identify which server a specific webpage belongs to. The domain name consists of a hierarchical sequence of names (labels) separated by periods (dots) and ending with an extension.


1 Answers

I actually wrote this code.

When trying to do cross-subdomain/port comet, the iframe needs to have the same document.domain value as the parent frame. Unfortunately, the browser stores the domain name AND port internally for the original document.domain value. But the getter and setter in javascript knows nothing about the port. So the problem is this: if the top frame document.domain is ('example.com', 80), and the bottom frame is ('comet.example.com', 80), how do you get the bottom frame to be ('example.com', 80) as well?

You can't, as changing the hostname portion will necessarily cause the port to be set to null, so the best you can do is ('example.com', null) in the bottom frame. So the top frame also needs to be set to that value, and setting document.domain=document.domain does just that. It changes the internal representation in the browser from ('example.com', 80) to ('example.com', null) and then everything matches up and cross-port/subdomain frame communication works.

like image 63
Michael Carter Avatar answered Sep 17 '22 18:09

Michael Carter