
Alternative to subspace for secure cross-domain communication between iframes?

We have implemented secure access to certain objects of the parent frame by using the Subspace pattern defined in this paper. There's a mediator frame that has access to a single object in the parent frame that has the only functionality intended for access by the untrusted frame. This worked fine until Firefox 16 "fixed" this method, as described in this security advisory.

Now I'm seeking the best secure alternative for subspacing.

The target is to allow any website to call a single function in its parent frame (the mediator frame) and then the mediator frame should be allowed to call the subset of functions allowed to it that is in the main frame. Any alternative that can do the same functionality in a different way is welcome.

The standardized way to allow secure cross-domain communication between iframes is to use messaging: you use postMessage and receiveMessage to exchange messages you defined for your needs.

See this MDN documentation.
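
An added example, not part of the original answer: the main-frame side of the mediator-to-main-frame hop done with postMessage, checking the sender's origin and dispatching only to an allowlisted set of functions. The origins, the message shape ({ id, method, args }) and the exposed functions are assumptions made for illustration.

```javascript
// Runs in the main (trusted) frame. All names here are hypothetical.
const MEDIATOR_ORIGIN = "https://mediator.example"; // assumed origin of the mediator frame

// Only functions listed here are reachable from the mediator frame.
// Object.create(null) keeps inherited keys ("constructor", "toString") out of reach.
const exposed = Object.assign(Object.create(null), {
  getTitle: () => "Main page",
  add: (a, b) => a + b,
});

function makeHandler(trustedOrigin, api) {
  return function onMessage(event) {
    // 1. Drop every message that does not come from the expected origin.
    if (event.origin !== trustedOrigin) return null;
    // 2. Accept only the message shape defined for this channel.
    const msg = event.data;
    if (msg === null || typeof msg !== "object") return null;
    const { id, method, args } = msg;
    if (typeof method !== "string" || !Array.isArray(args)) return null;
    // 3. Dispatch only to allowlisted functions; never look up arbitrary properties.
    let reply;
    if (!Object.prototype.hasOwnProperty.call(api, method)) {
      reply = { id, ok: false, error: "method not allowed" };
    } else {
      try {
        reply = { id, ok: true, result: api[method](...args) };
      } catch (e) {
        reply = { id, ok: false, error: "call failed" };
      }
    }
    // 4. Answer the sending window only, naming its origin explicitly (never "*").
    if (event.source) event.source.postMessage(reply, event.origin);
    return reply;
  };
}

const handler = makeHandler(MEDIATOR_ORIGIN, exposed);
// In the browser: window.addEventListener("message", handler);
// The mediator frame would call, with the main frame's origin as target:
//   window.parent.postMessage({ id: 1, method: "add", args: [2, 3] }, "https://main.example");
```

The mediator frame can expose its single function to the untrusted frame with the same handler shape, using its own allowlist.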
