Recently I have been working on a web application, extending it with an iframe on another subdomain.
When you set up communication with an iframe on another subdomain, it works by setting document.domain in both pages. Pretty nice and straight forward.
But it can mess up the rest of your page.
As soon as you have set document.domain you should be able to do an XHR to your original domain according to the same domain policy.
This will work in IE, Safari, and Opera.
This will not work in Firefox 1.0. This is very awkward but at least it has been fixed in 1.5.
So it will work in Firefox 1.5. But:
The responseXML object is useless. You can’t access it, you receive a Permission Denied when trying to access it’s content (e.g. documentElement). Very annoying.
Even stranger that responseText is still readable. What’s the reason for this? Is there some security risk i am unaware of or is it a plain bug?
As the responseText is available there is a pretty simple fix: re-parse the XML, which is kinda stupid and cpu intense if you have a lot of them. (something like: var doc =
(new DOMParser()).parseFromString(req.responseText, "text/xml");)
I have some sample code available here.
Apparently a bug report has been filed at 184.108.40.206. No response from developers. Great.
Unfortunately it has only been filed for OSX, but it also afffects Windows Firefox.
Mozilla guys, fix this ASAP.
Update 2007-06-21: Things seem to start moving, we will likely have a fix for Firefox 3.