[Webkit-unassigned] [Bug 42649] New: XMLHttpRequest triggers corss-domain error when inside a FRAME
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Tue Jul 20 10:24:25 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=42649
Summary: XMLHttpRequest triggers corss-domain error when inside
a FRAME
Product: WebKit
Version: 528+ (Nightly build)
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: New Bugs
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: gyll at iname.com
First of all, dunno what i'm doing wrong (or what i'm missing) but i can't select the correct Safari version: i'm reporting on version 5 but i can only select up to safari 3.2 in the bug tracker version list...
Now the problem: in both Mozilla and IE the XMLHttpRequest object is attached to the FRAME in which the document is loaded, while in Safari it is attached to the MAIN WINDOW in which the document is loaded. This results in different behavior on these browsers when a document 'Document1' located on a domain 'Domain1' contains a frame that loads a document 'Document2' contained on a different domain 'Domain2': specifically, in Safari 'Document2' cannot use XMLHttpRequest to access data from 'Domain2' and it reports a cross-site security violation (in both Firefox and IE it works fine)
So, to rise (see the diagram below using a Fixed-width font):
<contained on>
Domain1 <---------------------- Document1
|
|<contains a FRAME with...>
|
<contained on> V
Domain2 <---------------------- Document2
^ |
| |<can NOT access via XMLHttpRequest on Safari>
| |
| <contained on> V
\----------------------------- Files
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list