I have plans to apply AJAX to our library catalog but I’m running into a problem where I can’t do XMLHttpRequest events to servers other than the one I loaded the main webpage from. Mozilla calls it the “same origin policy,” everyone else calls it a cross-domain script exclusion, or something like that.
Some Mozilla folks are working on a standard to address the problem, but it could be quite a while before browser support is common enough to build for it.
So Plan A was to use simple AJAX with XMLHTTPRequest. Plan B comes from this crazy suggestion at Apple’s developer site: Remote Scripting with IFRAME. It looks like different functions are subject to different restrictions, so the theory is that a JavaSctript loaded in a page in a hidden IFRAME can call functions from the parent page and do pretty much everything we’ve come to expect of XMLHTTPRequest. Here’s an example they offer.
Crazy as it is it works, and it gets around some cross-domain script exclusions for some browsers, but it still gets trapped by Mozilla.
tags: ajax, apple, browser security, browsers, cross domain, cross domain script exclusion, frustration, iframe, javascript, mozilla, remote scripting, web application, web applications, xdomain, xmlhttprequest
Posted September 19, 2005 by Casey Bisson
Categories: Libraries & Networked Information, Technology. Tags: ajax, apple, browser security, browsers, cross domain, cross domain script exclusion, frustration, iframe, javascript, mozilla, remote scripting, web application, web applications, xdomain, xmlhttprequest.
5 Comments
Comments RSS
TrackBack Identifier URI
Leave a comment
User contributed tags for this post:
cross domain iframe (410) - iframe cross domain (370) - xmlhttprequest cross domain (206) - javascript cross domain scripting (186) - ajax cross domain (184) - iframe domain (157) - iframe cross domain script (123) - xmlhttprequest cross site (120) - cross domain scripting iframe (119) - iFrame cross site (118) - cross domain ajax (102) - allow cross site scripting (93) - iframe cross domain scripting (92) - cross domain ajax iframe (86) - cross domain xmlhttprequest (83) - enable cross site scripting (78) - XMLHttpRequest subdomain iframe (70) - cross domain javascript (69) - cross site iframe (66) - remote scripting iframe (64) - ajax cross domain iframe (62) - jquery iframe (61) - Cross domain iframes (59) - crossdomain javascript (58) - firefox enable cross site scripting (56) - Cross Domain Javascript iframe (55) - firefox cross domain scripting (55) - ajax Iframe (55) - cross domain scripting javascript (52) - javascript cross domain (51) - allow cross domain scripting (51) - javascript cross domain iframe (50) - cross domain iframe scripting (49) - iframe xss (48) - enable cross domain scripting (48) - iframe crossdomain (48) - javascript iframe cross domain (46) - cross domain scripting (44) - REMOTE SCRIPTING WITH IFRAME (43) - jquery iframe cross domain (41) - remote scripting firefox (40) - javascript iframe (39) - iframes cross domain (37) - IFrame remote scripting (37) - javascript crossdomain (35) - scripting iframes (34) - cross domain iframe javascript (34) - firefox allow cross site scripting (31) - XMLHTTPRequest crossdomain (30) - ajax iframe cross domain (30) - iframe remote (29) - iframe cross scripting (27) - javascript iframe domain (27) - enable cross site scripting firefox (27) - remote script iframe (27) - cross site ajax iframe (27) - iframe ajax cross domain (26) - cross domain remote scripting (26) - javascript iframe firefox (26) - ajax cross site scripting (25) - firefox enable cross domain scripting (25) - iframe cross site scripting (25) - iframe google maps crossite (24) - XMLHttpRequest bookmarklet (24) - cross site scripting xmlhttprequest (24) - ajax cross site (23) - ajax crossdomain (22) - javascript iframe cross site (22) - cross site xmlhttprequest (21) - cross domain IFrame ajax (21) - jquery cross domain iframe (20) - XMLHttpRequest cross site scripting (19) - cross site javascript iframe (19) - cross domain scripting firefox (19) - jquery iframe parent (19) - cross-domain IFRAME (19) - iframe cross domain javascript (18) - xmlhttprequest cross (18) - how to enable cross site scripting (18) - iframe javascript cross domain (18) - iframe cross domain ajax (18) - remote iframe (18) - crossdomain scripting (18) - how to allow cross site scripting (18) - remote scripting cross domain (17) - iframes cross site (17) - iframe sandbox (17) - remote (16) - xmlhttprequest firefox (16) - enable cross domain scripting firefox (16) - cross domain ajax google maps (16) - remote scripting iframes (16) - enable iframes in firefox (16) - cross site scripting allow (16) - iframe JavaScript restrictions (16) - crossdomain iframe (15) - iframe remote script (15) - google maps cross domain (15) - Firefox remote scripting (15) - javascript iframes firefox (15) - cross domain hack (15) - xss iframe (15) - javascript iframe scripting (14) - IFRAME cross domain xmlhttprequest (14) - javascript iframe remote (14) - cross site scripting enable (14) - iframe javascript (13) - Firefox iframe javascript (13) - javascript iframe Remote Scripting (13) - allowing cross site scripting (13) - scripting iframe (12) - ajax cross (12) - iframes (12) - firefox iframe cross domain (12) - cross domain ajax mozilla (12) - cross domain firefox (12) - iframe firefox (12) - firefox enable cross domain (12) - allow cross-site scripting (12) - remote scripting (11) - scripting firefox (11) - iframe javascript domain (11) - cross site scripting iframe (11) - enable cross site scripting in firefox (11) - iframe cross domain security (11) - enable cross domain firefox (11) - firefox cross frame scripting (11) - F (11) - cross domain iframe jquery (11) - iframe cross-domain (11) - cross iframe scripting (10) - remote scripting iframe javascript (10) - google xmlhttprequest cross domain (10) - AJAX IFrames cross domain (10) - ajax same origin (10) - javascript iframes (10) - AJAX iframes (10) - cross domain javascript frame (10) - firefox cross site scripting enable (10) - firefox enable remote scripting (10) - xmlhttprequest different domain (10) - enabling cross site scripting (10) - crossdomain javascript iframe (10) - iframe cross-site (10) - iframes remote scripting (9) - hidden iframe remote scripting (9) - xmlhttprequest remote domain (9) - enable cross scripting (9) - javascript iframe remote script (9) - firefox cross domain (9) -
[...] [2]Â Plan B: Remote Scripting With IFRAMEs [...]
Single pure javascript to extract information from a webpage at different domain is impossible!…
I tried to load some webpages via an iframe. I can load a arbitrary webpage into an iframe, but I can’t access any information from this iframe for security issues. Cross-domain information exchange seems to be impossible, if I don’t have s…
[...] » Plan B: Remote Scripting With IFRAMEs So Plan A was to use simple AJAX with XMLHTTPRequest. Plan B comes from this crazy suggestion at Apple’s developer site: Remote Scripting with IFRAME. It looks like different functions are subject to different restrictions, so the theory is that a JavaS (tags: maisonbisson.com 2007 cross_domain ajax) [...]
Any success in this arena? We’re implementing a proxy for our own work, but wish to offer JavaScript libraries for others to access our utilities.
I am also in a similar predicament - and I don’t know a good solution either…