I had the same problem and i solved it with these 3 steps: 1) in Apache config file (for me the path was C:\wamp\bin\apache\apache2.4.18\conf\httpd.conf) add the line: Header set Access-Control-Allow-Origin “*” in the content of the <Directory> tag: DocumentRoot “c:/wamp/www” <Directory “c:/wamp/www/”> Options +Indexes +FollowSymLinks Header set Access-Control-Allow-Origin “*” AllowOverride all Require local </Directory> 2) … Read more
Capture the session id Session::getId() in Domain A send the captured session id via HTTP POST to Domain B Access the sent session id in domain B $sessionid_from_domainA = $_POST[‘session_from_A’] Set session in domain B Session::setId($sessionid_from_domainA) Start Session in domain B Session::start()
You should check out jQuery. It has a rich base of AJAX functionality that can give you the power to do all of this. You can load in an external page, and parse it’s HTML content with intuitive CSS-like selectors. An example using $.get(); $.get(“anotherPage.html”, {}, function(results){ alert(results); // will show the HTML from anotherPage.html … Read more
As mentioned in my question update, changing the service account to be in Domain2 resolved the issue. So what was going on? The Problem – Explained From what I can tell (also with help from a Microsoft representative), because the service account was originally a Domain1 user, it could not determine what domain local groups … Read more
Use: window.parent.postMessage(‘Hello Parent Frame!’, ‘*’); Note the ‘*’ indicates “any origin”. You should replace this with the target origin if possible. In your parent frame you need: window.addEventListener(‘message’, receiveMessage, false); function receiveMessage(evt) { if (evt.origin === ‘http://my.iframe.org’) { alert(“got message: “+evt.data); } } Replace “my.iframe.org” with the origin of your iFrame. (You can skip the … Read more
Is it broken? Well, sort of. I tried various ideas and couldn’t get the code in your jsFiddle to work. Looking at this MSDN Blog post, we find that postMessage only works between IFrames in older versions of IE, which has yet to be fixed for IE 11. That article links to a demo of … Read more
I found a workaround. This appears to be a bug (“feature”?) in jQuery 1.10.1. Using jQuery 1.10.0, the error no longer occurs: http://jsfiddle.net/86q5k/5/ <iframe src=”http://endorkins.com/test-iframe-1.10.0.html”></iframe> Strange. Very strange. If anyone knows the reason why this is happening in 1.10.1, and how to fix it, I (and jQuery minions around the globe) would certainly be very … Read more
There is a relatively new cookie attribute called SameSite that was being set by my server automatically. Disabling this (while retaining the settings listed in the question) allows the iframe access to its own cookies in Chrome. See also Chrome feature status & IETF draft UPDATE Aug 2020 Chrome now blocks cookies without SameSite set, … Read more
As mentioned above, anyone can send a request to you page at any time: so the major security concerns you need are to validate user input and only reveal information that is available for public consumption. But that applies to all scripts. The two main issues you need to concentrate on (after validating user input) … Read more