问题
I have a problem where I have a frameset consisting of a parent frame loaded from one domain and a contained frame from a different domain. The contained domain also sets a cookie before the frameset is loaded. However, because of the 'same orgin' policy, enforced by most browsers, a contained frame will not pass cookies if it is not from the same domain as the parent.
Unfortunately I have no control over the parent frame (or its url) and the url for the contained frame is effectively static. So the only way to pass information to the contained site is via cookies.
The only solution I have come up with is to reload the contained domain in the parent frame but this negates some of the value of using frames in the first place.
Does anyone have a better work around for this problem?
回答1:
There are a couple of methods of getting around the Same Origin Policy that is preventing your iframes from speaking to each other. If you control both servers then you can use Flash's crossdomain.xml file. If you don't control one of the servers or you would like to use JavaScript, then you are forced to use a "Cross-Domain Proxy", such as this one for java or python or php.
Cross-Site XHR is another option but it isn't supported by all browsers.
回答2:
There are a lot of ways to do this. Here are two that I've used:
- Have both the parent and child load a script from a common source, using a tag. Scripts loaded in this way don't have same-origin issues, and the data they return becomes part of the document object and can interact with other scripts loaded by the document (this is the way that AJAST works).
- Create a reverse proxy in the parent domain, and load the frame via this proxy. To the browser, it appears that they're both served from the same domain. The downside is that this can affect caching, and bypasses any content delivery network (eg, Akamai) that you might be using.
回答3:
There is also a right way of doing this in HTML 5 with postMessage. See here: http://ajaxian.com/archives/cross-window-messaging-with-html-5-postmessage
回答4:
One more thought in to this, where u can use Cross Domain Messaging API to send messages from one frame to another. here is an example! Read more on this.
来源:https://stackoverflow.com/questions/1131210/work-around-for-the-same-origin-policy-problem