Focus with Cross-domain Ajax in Opera
Asked Answered
S

1

1

You'll need Opera 9.62 to see what this is all about... Because that is the only browser that behaves strange when I do cross-sub-domain JavaScript calls (with Ajax involved). Please consider the following three simple files and place them at appropriate domains.

foo.html (parent of boo.html iframe) at foo.example.com

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>foo</title>
<script type='text/javascript'>

    document.domain = 'example.com';

    function sendRequest() {
        window.frames['boo'].sendRequest();
    }

</script> 
<head>
<body>

    <input type="submit" value="sendRequest" onclick="sendRequest();" />

    <iframe name="boo" src="http://boo.example.com/boo.html"></iframe>

</body>
</html>

boo.html (iframe of foo.html) at boo.example.com

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" 
        "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>boo</title>
<script type='text/javascript'>

    document.domain = 'example.com';

    function sendRequest() {
        var request = null;

        if (window.XMLHttpRequest) { 
            request = new XMLHttpRequest(); 
        } else { 
            request = new ActiveXObject('Microsoft.XMLHTTP'); 
        }

        if (request) {
            request.open('GET', 'http://boo.example.com/helloworld.php', true); 

            request.onreadystatechange = function() {               
                if (request.readyState == 4) {
                    var result = request.responseText;

                    alert(result);
                }
            }

            request.send('');
        }
    }

</script> 
<head>
<body>
</body>
</html>

helloworld.php at boo.example.com

<?php
    echo 'Hello World!';
?>

If you test the above-stated code in browsers other than Opera (tested on v9.62), it works like a charm (I have tested in Safari, Firefox, Chrome). In Opera, it does not work and an error with security violation message is thrown. Does anybody know what the matter is? I have found out a solution to the problem and I will post it here a bit later (I'd also like to see your solutions), but I'd like to learn more about the issue as well - can anybody explain it?

NB: I have set up all the files at my own server, so you can check it out here

UPDATE: I just tested it on the newest Opera 10.63 and it does not have such a problem. So you'll definitely need to use Opera v9.62 to observe the problem.

Songster answered 6/11, 2010 at 9:52 Comment(0)
M
0

Some older Opera versions had a known bug that made setting document.domain affect the security context for XMLHttpRequest. Hence, after setting document.domain the script is no longer allowed to load contents from the server it actually came from.

The recommended solution is to simply upgrade to a version not affected by the bug, however if you absolutely need to support 9.6x you can easily detect the exception and fall back to using postMessage() for cross-domain communication. (In such an old version, you will need to call document.postMessage() - in newer versions it's window.postMessage() but it older versions of the HTML5 specification it was originally defined on document.)

Montgomery answered 15/11, 2010 at 13:14 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.