Monday, November 15, 2010

Cross domain scripting is a pain

I'm working on a project that has both inspired me to learn new stuff and frustrated me immensely.

The system is akin to a page rating database which enables users to give an opinion on the quality of a page. The wiget is delivered as an iframe and uses a little bit of javascript to perform the mouseover and click detection. The wiget is then supposed to send the data back to the server where the database can be updated. All this runs a treat on the local server when debugging but as soon as the code gets a sniff of the live server, the iframe has no access to the parent page so the rating of the iframe source gets updated, not the page that contains it.

Another problem which I had was to deliver a popup containing the rating information, this was messed up again by the fact that my script was unable to access the web service from which the data was to be delivered. Access denied to the XmlHttp object.

I have solved part of the problem by delivering the popup information as an image, The way to deliver user ratings back from the inside of an iframe however still escapes me.

Any suggestions?

1 comment:

Bob Powell said...

Solved it. See my post on CiteYa.com

In fact I used a trick. The first time the wiget is accessed the referrer comes back ok. Subsequent times show the referrer as being the iframe source. I just made sure that the first one was used for the rating.