Tip 31
Tip 31. Talking across Domains
Client-side web applications have traditionally been restricted from talking
directly to scripts on other domains—a restriction designed to protect users.
This is known as the same-origin policy,^3 and while it protects users, it makes
our work more difficult if we have legitimate reasons to make two separate
sites communicate. There are numerous clever ways around this restriction,
including the use of server-side proxies and URL hacks. But now there’s a
better way.Cross-Document Messaging, or Web Messaging,^4 is an API that makes it pos-
sible for scripts hosted on different domains to pass messages back and forth.
For example, we can have a form on http://support.awesomecompany.com post content
to another window or <iframe> whose content is hosted on http://www.awesomecom-
pany.com. For our current project, we need to do just that.AwesomeCo’s new support site will have a contact form, and the support
manager wants to list all the support contacts and their email addresses next
to the contact form, like in the following figure.Figure 33—Our completed support site
- https://developer.mozilla.org/en/Same_origin_policy_for_JavaScript.
- http://www.w3.org/TR/webmessaging/#web-messaging
report erratum • discussTalking across Domains • 213
Download from Wow! eBook <www.wowebook.com>