Same origin policy
I have been fighting the same origin policy too much today. This article from wikipedia sums it up really well. I'm really surprised in all the googling I've done that not many people mention document.domain. I've seen document.domain before, but I have not run into it in a while and forgot!
I've tried iframes, AJAX, code behind, and even looked at the proxy solution. I still don't have a great solution, but I think I may try to implement the document.domain solution. The problem is I will have to go edit potentially thousands of existing HTML files to add it. I suppose I can script it.
One other thing that prevented code-behind from working is that it's an https connection with an invalid security certificate. I should also mention that this is all internal intranet stuff.
If you google document.domain, the one thing you may miss is that even if you set the same document.domain on different files, the protocol matters. That means they both need to be http or https. No mix and match.
I've tried iframes, AJAX, code behind, and even looked at the proxy solution. I still don't have a great solution, but I think I may try to implement the document.domain solution. The problem is I will have to go edit potentially thousands of existing HTML files to add it. I suppose I can script it.
One other thing that prevented code-behind from working is that it's an https connection with an invalid security certificate. I should also mention that this is all internal intranet stuff.
If you google document.domain, the one thing you may miss is that even if you set the same document.domain on different files, the protocol matters. That means they both need to be http or https. No mix and match.
Comments
Post a Comment