Comments on: Cross domain access now, and support for the future

By: shadedecho

shadedecho — Mon, 04 Aug 2008 01:26:09 +0000

@V1-flXHR is better (IMHO) because it implements the native XHR API. http://flxhr.flensed.com/ :)

@ragjunk-You’re right, the server has to grant permission. But that’s specifically the reason, the point. Technologies which permit or encourage totally unrestricted x-domain access are far less secure. And, with window.name, as kriszyp says, the server *does* have to opt-in, so it’s a good thing.

But, more importantly for the open web revolution, for sites which want to publish their content to anyone, and it’s safe for them to do so, they can use a “*” policy in their crossdomain.xml, which allows anyone to access it, without worrying about needing to specifically grant permission to each domain.

By: kriszyp

kriszyp — Sun, 03 Aug 2008 19:26:44 +0000

@ragjunk, @Loganathan: This approach requires that the target site opt-in by providing data using window.name technique, it doesn't enable you to break the "steal" data without the target site's consent; the target site must provide the data by setting the window.name. If you want the target site to provide you data using the secure window.name technique, encourage them to implement the protocol (it is defined here: http://www.sitepen.com/blog/2008/07/22/windowname-transport/)

By: Loganathan

Loganathan — Sat, 02 Aug 2008 08:34:38 +0000

i am looking for a solution to read some contents of another domain’s page data .. i am loading into iframe in my page.. is it possible toaccess it.

By: Loganathan

Loganathan — Sat, 02 Aug 2008 08:20:01 +0000

Will this help to fetch another domain’s data through ? please tell me the answer?

By: linb

linb — Sat, 02 Aug 2008 00:01:51 +0000

window.name technique is better for FIM. It enable you run an remote Ajax RIA application from a single local disk html file. How to run an remote Ajax RIA application from a single local disk html file.

By: ragjunk

ragjunk — Fri, 01 Aug 2008 21:57:47 +0000

@V1: How would flash based XHR work, if my site is not in the crossdomain.xml of the target site? I want to do an XHR from my online app to any third party site, but I cannot do that because my site is not listed in any of their xdomain XML. So, I think, Kris’ work would help me better than using any of the flash based XHR, unless I missed something totally. (which happens many a times)

By: kriszyp

kriszyp — Fri, 01 Aug 2008 19:42:34 +0000

Dojo does have an iframe mechanism for cross-domain loading that uses fragment identifiers (#hash) to transfer data. However, this technique is very limited, it can only send messages in 2K chunks. The windowName module and the new native APIs are much more efficient.

By: Nosredna

Nosredna — Fri, 01 Aug 2008 16:40:33 +0000

I’m learning Dojo now, and it normally uses iFrames for this, right? Is there a case when using iFrames doesn’t work?

By: V1

V1 — Fri, 01 Aug 2008 13:20:13 +0000

ill rather use flashxhr, same effect less mess.

By: henrah

henrah — Fri, 01 Aug 2008 12:30:59 +0000

I don’t think there are any browsers that can’t do window.name message-passing; the proxy option is for supporting other sites which don’t have a cross-domain request api to call.