CakeMail Logo

CakeMail Blog

Email marketing for small businesses

The iframe cross-domain policy problem

Posted on January 24, 2011
Cedric Dugas

Written by


Email Marketing
  • Pingback: Tweets that mention Blog » The iframe cross-domain policy problem | CakeMail --

  • Øyvind Sean Kinsey

    Thanks for mentioning easyXDM – even though it is as you say the most powerful library out there, many are still advocating bad practices for XDM.

    If you have any issues or ideas, please do bring them to my attention using the mail list or by creating an issue – I aim for it to be as good as it possible can be :)

    Regarding the `onRead` feature – could you report the nature of this issue? Was it directly related to when you navigated the inner frame (which is not supported, and never will be due to reasons stated numerous times on the mail list)?

  • cedric

    Hey Øyvind,

    Yeah, it was from it directly related to when you navigated the inner frame. At first I thought it worked for a while, I might be mistaken.

    Beside this we currently do not have any issue, its rocking! ;)

  • Michael Geary

    easyXDM sounds very useful – thanks for the reference.

    It’s worth noting, though, that if you simply need to navigate a parent or other window to a new URL, you can do that without any special tricks. Just assign into parent.location or whatever.location as you normally would. There’s no cross-domain restriction on *writing* to a window.location property, only on *reading* from it.

    This is how the popular fragement identifier trick works – one window writes to the hash portion of another window’s URL (which it can do cross-domain) and the other window uses a timer to watch for hash changes.

  • Chad

    Grat timing on this post. I needed to look into this in the next few days. Thanks!

  • Dr_rOot

    Thx 4 share!

  • Pingback: Tech Thursday: Fridge interiors, infographics, InMaps, Rails apps, and (the) Oatmeal | Serene Global

  • Ph

    thanks buddy….

  • Domain registration

    This is just the information I am Finding everywhere it well be very helpful to me thanks to sharing the wonderful articles ..

  • Yinch

    Hi Cedric, thanks for the article… I have been reading cross-domain issues for a few weeks, most of the solution involves that we change the parent domain scripts, but in the case of Facebook, parent script is from Facebook, we have no access to it, and it internally creates the iframe for our FB app, so all the solution can not be used, am I wrong here? thanks.

  • Ken Deeds

    One note if the page you are opening in the iframe is using PHP (could be done with other dynamic lanaguages) when the page first opens if your server has $_SERVER['HTTP_REFERRER'] available you can use this in the page being opened to grab the full url and query string of the parent page. Then set this to a variable in the page you opened in the iframe and you have your parent URL.

  • Denis TRUFFAUT

    I do not understand the point 3.

    How could you, inside a remote iframe, load your local iframe ?

    I mean, its forbiden ?

    I understand all the steps excepted this one.

  • Ren

    I really want to say thank you man

  • cakemail_mireille

    I’ll pass along the sentiment! Thanks for stopping by Ren!

  • Rajesh Londhe

    Is it possible to login remote page using easyXDM?

  • cxytomo

    Hi, easyXDM is only for iframe approach right? Is there a tool that includes all the main tricks like image, xmlhttprequest and so on?