Chapter 5. Cross-domain iframe messaging
This chapter covers
- The role of iframes in cross-domain messaging
- HTML5 window.postMessage API
- window.postMessage alternatives for legacy browsers
- easyXDM—the cross-domain messaging library
In chapter 4 you learned about the same-origin policy—a browser security concept that prohibits pages from different origins from accessing each other’s methods and properties. You also learned a few tricks—subdomain proxies, JSONP, and CORS—that allow you to circumvent the SOP in order to send HTTP requests to your servers.
One of those solutions, subdomain proxies, used iframe elements as a means of communicating with your servers. It relied upon the fact that documents hosted inside iframes can freely communicate ...