CakeMail Logo

Cakemail Blog

Email marketing for small businesses

The iframe cross-domain policy problem

Posted on January 24, 2011
Cedric Dugas

Written by


Email Marketing

16 responses to “The iframe cross-domain policy problem”

  1. […] This post was mentioned on Twitter by Bottle on Beach, Cedric Dugas. Cedric Dugas said: The iframe cross-domain policy problem […]

  2. Thanks for mentioning easyXDM – even though it is as you say the most powerful library out there, many are still advocating bad practices for XDM.

    If you have any issues or ideas, please do bring them to my attention using the mail list or by creating an issue – I aim for it to be as good as it possible can be :)

    Regarding the `onRead` feature – could you report the nature of this issue? Was it directly related to when you navigated the inner frame (which is not supported, and never will be due to reasons stated numerous times on the mail list)?

  3. Cedric Dugas cedric says:

    Hey Øyvind,

    Yeah, it was from it directly related to when you navigated the inner frame. At first I thought it worked for a while, I might be mistaken.

    Beside this we currently do not have any issue, its rocking! ;)

  4. easyXDM sounds very useful – thanks for the reference.

    It’s worth noting, though, that if you simply need to navigate a parent or other window to a new URL, you can do that without any special tricks. Just assign into parent.location or whatever.location as you normally would. There’s no cross-domain restriction on *writing* to a window.location property, only on *reading* from it.

    This is how the popular fragement identifier trick works – one window writes to the hash portion of another window’s URL (which it can do cross-domain) and the other window uses a timer to watch for hash changes.

  5. Chad says:

    Grat timing on this post. I needed to look into this in the next few days. Thanks!

  6. Ph says:

    thanks buddy….

  7. This is just the information I am Finding everywhere it well be very helpful to me thanks to sharing the wonderful articles ..

  8. Yinch says:

    Hi Cedric, thanks for the article… I have been reading cross-domain issues for a few weeks, most of the solution involves that we change the parent domain scripts, but in the case of Facebook, parent script is from Facebook, we have no access to it, and it internally creates the iframe for our FB app, so all the solution can not be used, am I wrong here? thanks.

  9. Ken Deeds says:

    One note if the page you are opening in the iframe is using PHP (could be done with other dynamic lanaguages) when the page first opens if your server has $_SERVER[‘HTTP_REFERRER’] available you can use this in the page being opened to grab the full url and query string of the parent page. Then set this to a variable in the page you opened in the iframe and you have your parent URL.

  10. I do not understand the point 3.

    How could you, inside a remote iframe, load your local iframe ?

    I mean, its forbiden ?

    I understand all the steps excepted this one.