[Dojo-interest] Dojo cross-domain communications (iframe)

James Burke jburke at dojotoolkit.org
Tue Jun 22 12:46:52 EDT 2010


On Tue, Jun 22, 2010 at 7:07 AM, Stefano Gargiulo <rastrano at gmail.com> wrote:
> what do you need excactly?
> 1) cross-domain ajax requests?
> 2) operating with a real iframe document dom?
>
> for 1) see dojo.io.script and jsonp
> for 2) wait html5 and the allow-same-origin attribute in iframes.
>
> (i always thought same origin policy esagerate:
> http://www.whatwg.org/specs/web-apps/current-work/multipage/origin-0.html#relaxing-the-same-origin-restriction
> )

I believe document.domain is not allowed to change to just any domain,
but allows some sub-domain flexibility. However, it opens up more
security issues -- postMessage is a better, more secure way to
communicate across frames that allows for communication across any
domain, as long as both sides agree to listen.

James


More information about the Dojo-interest mailing list