在Intranet中启用跨域脚本

Question

I'm having a few problems with an application that integrates sharepoint, SQL reporting services and a bunch of custom forms that are built using ASP.NET MVC.

Assuming my servers are as follows;

• MOSS
• SSRS
• Custom forms

In MOSS, my portal has need on occassion to popup a custom form to capture user input. I've done this by using a jQuery dialog (using Boxy), which iframes the custom form in and passes the url of the portal into it. When the custom form is finished, it navigates the parent window (the MOSS portal) to the URL passed in, which effectively refreshes the page.

This was working fine until we threw in the complexity of SSRS.

Now in MOSS, I have a report that lists some data, but the SSRS report viewer web part seems to iframe it's report content in, which means the hyperlinks from the report can't ask the parent to overlay the same dialogs (as it's cross domain) and if it were to perform the overlay itself, it would just overlay the iframe.

Sorry for the long post, getting to the point - this is an internal intranet application only. Is it possible to allow cross domain scripting somehow so that the popup dialogs can all be controlled from javascript within the sharepoint portal and SSRS and my custom forms can just invoke javascript methods on the parent?

Preferably I wouldn't want to have to do configuration in the client browser to allow this to happen, as I'd have to roll that change out to all the machines within the estate - which is a significant number.

Thanks in advance, beer available to anyone who can solve my woes ;)

Cheers, Tony

Answer 1

IE8, Firefox 3, recent Opera and Safari/Chrome support postMessage which allows cooperating pages on different domains to talk to each other:

http://ajaxian.com/archives/cross-window-messaging-with-html-5-postmessage

If you are stuck with older browsers, you have few options. The cleanest is to send everything that needs to communicate with each other through the same proxy, although in the OP's situation it looks like this isn't possible.

The next cleanest is to use Flash's cross-domain facility.

Another option is xssinterface , which wraps postMessage where available and uses some voodoo involving cookies and polling where it isn't.

The only other option is to use hidden iframes - to send a message to a page, change the iframe's location to one on the destination page's domain and poll in the destination page - but again I think the proxying in the OP's case makes this unworkable.

Answer 2

There is another option in addition to those Andrew provides. You can dynamically inject script tags into the DOM, wherein the src attribute can point to a javascript file on any domain.

In jQuery you accomplish this by specifying "jsonp" as the datatype for the ajax request. You can read more about this approach here:

http://blog.ropardo.ro/2009/09/23/cross-domain-ajax-calls/

Answer 3

I finally got around these issues by using hidden iframes as suggested. I posted an article on my blog with more details and pushed the code onto codeplex:

http://www.deepcode.co.uk/2009/11/overcoming-cross-domain-issues-between.html