Quoting the socket.io FAQ: Does Socket.IO support cross-domain connections? Absolutely, on every browser! As to how it does it: Native WebSockets are cross-domain by design, socket.io serves a flash policy file for cross-domain flash communication, XHR2 can use CORS, and finally you can always use JSONP.
You can communicate between frames via the message posting API. For example, in your child frame you might call: parent.postMessage(“child frame”, “*”); And in the parent frame, register a message handler: window.addEventListener(“message”, function(event) { console.log(“Hello from ” + event.data); });
I suppose this draft titled “Principles of the Same-Origin Policy” explains (albeit briefly) what’s pretty much in everyone’s head: In principle, user agents could treat every URL as a separate principal and isolate each document from every other URL unless the document explicitly indicated that it trusted that URL. Unfortunately, this design is cumbersome for … Read more
Internet Explorer’s definition of the “same origin” differs to the other browsers. See the IE Exceptions section of the MDN documentation on the same-origin policy: Internet Explorer has two major exceptions when it comes to same origin policy: Trust Zones: if both domains are in highly trusted zone e.g, corporate domains, then the same origin … Read more
The documentation on this seems to imply that it allows multiple origins with a space separated list, but that’s not what it actually means. Here’s what I could gather as the most definitive answer to your question: the Access-Control-Allow-Origin header should be the same value as the Origin header as long as you want to … Read more
Disclaimer: I’m the main author of easyXDM. It is actually not easy to answer this directly, as there are many things to consider. First, lets compare easyXDM and JSONP outside the scope of the question. JSONP allows a client side program (Javascript using the BOM/DOM) to interact with a server side program(.net, php etc using … Read more
In order for this to not be restricted by the same origin policy, you will probably need to do this in both the pages: document.domain = “acmssite.com”;
I found the following link via Google: http://wordpressapi.com/2010/01/28/check-iframes-loaded-completely-browser/ Don’t know if it solves the ‘Page Not Found’ issue. <script type=”javascript”> var iframe = document.createElement(“iframe”); iframe.src = “http://www.your_iframe.com/”; if (navigator.userAgent.indexOf(“MSIE”) > -1 && !window.opera) { iframe.onreadystatechange = function(){ if (iframe.readyState == “complete”){ alert(“Iframe is now loaded.”); } }; } else { iframe.onload = function(){ alert(“Iframe is … Read more
To enable CORS (Cross-Origin Resource Sharing) for your images pass the HTTP header with the image response: Access-Control-Allow-Origin: * The origin is determined by domain and protocol (e.g. http and https are not the same) of the webpage and not the location of the script. If you are running locally using file:// this is generally … Read more