• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 366
  • Last Modified:

single origin policy

Hi guys,
i am working on developing a sample application. it has problems when i trying to access loading page from iframe

according to SOP [Single Origin Policy] a java script executing in page A can manipuate the dom tree of page b if a is embeded in the iframe tag of B and A , b have the same domain

am i wrong

please can anyone have a right answer
0
emeraldpiggy
Asked:
emeraldpiggy
  • 2
  • 2
3 Solutions
 
hard2u2001Commented:
As By Google Code

What is the Single Origin Policy?

Modern browsers implement a security model known as the "Single Origin Policy" (SOP). Conceptually, it is very simple, but the limitations it applies to JavaScript applications can be quite subtle.

Simply stated, the SOP states that JavaScript code running on a web page may not interact with any resource not originating from the same web site. The reason this security policy exists is to prevent malicious web coders from creating pages that steal web users' information or compromise their privacy. While very necessary, this policy also has the side effect of making web developers' lives difficult.
0
 
Michel PlungjanIT ExpertCommented:
NOTE: a change of port or protocol is ALSO seen as a different server

To bypass, you need to set up a server proxy or pass info in the window.name attribute
0
 
emeraldpiggyAuthor Commented:
yeah according to google, I thought we can manipulate the Dom tree  of page B if A is embeded in the iframe tag of B  and (A B have the same domain)
0
 
hard2u2001Commented:
yes you can always manipulate the dom tree of iframe or parent frame if and only if both A and B are from same domain.

Though there are some complicated solutions if you want to use different domains,
but for that also u should have control over both the domains.

see the solution :

http://www.alexpooley.com/2007/08/07/how-to-cross-domain-javascript/

http://softwareas.com/cross-domain-communication-with-iframes
0
 
emeraldpiggyAuthor Commented:
thanks that helps
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now