At ZYB we have been doing cross domain JavaScript calls for quite some time now. Whenever we tell that to people, many don’t believe it is possible with standard security settings in any modern browser. This surprised me a bit since it has always been possible with a simple little trick.

The problem

Say you have a website (site A) with an iframe wherein you host another website (site B). In old and unsecure browsers it was possible to do a JavaScript call from site B to site A like this:

window.parent.doSomething();

Here the doSomething function is living on site A and is called by site B through its parent window. For security reasons, this simple way of cross iframe communication was disabled years ago by all browser vendors.

The solution

There are different scenarios with possible solutions:

1: Site B is a sub domain under/beside Site A

Let’s say that:

• Site A is located at example.com or sitea.example.com
• Site B is located at siteb.example.com

All you need to do is to add this line of JavaScript to both site A and B:

document.domain = 'example.com'

That tells the browser that both site A and B belongs to the app located at example.com and are therefore allowed to communicate using JavaScript. It could be by calling window.parent.doSomething(); Now Same Origin Policy principle has been enabled on both sites.

2: Site B is on a different top domain than site A

This is more tricky, because we need to let the browser think both site A and B are under the same top domain.  When it does, we can implement the trick from solution 1 above.

Let’s say that:

• Site A is located at example.com or sitea.example.com
• Site B is located at foobar.com

To make this work, you need to create a sub domain called e.g. siteb.example.com. Then point the new sub domain to the IP address of foobar.com. Now both site A and B is located under example.com and you can start to implement solution 1.

There is no security risk going on here because you can only implement solution 1 if both site A and B participate in the trick.

Other solutions

If you can't use either solution 1 or 2 the game isn't over. Here are some other techniques to use:

• JSONP
• Iframe proxying

Though not as simple as the document.domain trick, these are well documented and proven techniques.

Back in March, I wrote about my grand plan for 2009 – my new year’s resolution. The plan was simple. I had to visit 12 different countries in 2009, preferably 12 countries I’d never visited before. Now, half way through the year it’s time to do status on the progress.

January

A business trip to Düsseldorf, Germany kicked off the plan. Beautiful city with very nice restaurants, bars and more Porche’s, Mercedes’ and BMW’s I’ve ever seen in one place.

February

Another business trip, this time to rainy London. Also, later the same month I went to Chişinău, the capital of Moldova. This is by far the most interesting place I’ve ever visited and I have a feeling that I might be the first tourist in that country. I can highly recommend visiting Moldova and I will definitely go back in maybe 5 years time.

March

Went to the MVP Summit in Seattle. It was my first time in the state of Washington, but my 5th trip to USA and my 14th state. It rained, but it didn’t change the fact that Seattle is a very nice city with very nice and outgoing people.

April

Malaga, Spain was the starting point of my Easter holiday. From there we drove to Gibraltar to see the wild monkeys and beautiful views and of course the new casino. You can actually see Morocco from there across the Mediterranean Sea. Then drove to Sevilla before returning home.

May

Visiting a friend in Stirling, Scotland, the home of William Wallace aka Mel Gibson in Braveheart. Drove around Loch Lomond and tried some excellent whisky along the way – I wasn’t driving. I then took a flight from Scotland to Düsseldorf to revisit the Vodafone mother ship before returning home.

June

Back in March I asked around the office if anyone wanted to join me on a trip to Amsterdam, Holland. 9 colleagues said “yes, please”, so off we went to one of the more fun places I’ve ever visited for reasons I will not share with you or anyone else. If you’ve been there you know why. If you haven’t been there, go before it’s too late.

June/July

I’ve been very busy at work and by travelling, so for the summer holiday I just wanted to relax by a pool somewhere warm. I did that on Corfu – a Greek island off of the Albanian coast. The only energy spent on that trip was getting into a cap to the ferry leaving for Sarande, Albania.

That concludes the first half of my grand plan. Next up is:

August: Fringe Festival in Edinburgh, Scotland and a trip to Boston
September: Weekend in Monaco to win big on the casinos
October: 11 days roundtrip to Iran

After that it’s either India with the family in November or Malta for Christmas. If the rest of the year turns out as stated here, then the grand plan succeeds. This grand plan also carries some of the blame for me not blogging much anymore.