Django and api widget

Question

I am relatively new in web development and I needed your help with the following.

I am creating a basic website using Django where a user can manage his portfolio. Now I was using this widget from Tradingview.com in this manner.

Now what I wanted to know was if I could somehow store what the user was adding in the watchlist in the database itself and load it when the widget loads next time

Answer 1

Tradingview.com's widget is implemented using an iframe tag on your website, so you want to execute javascript inside the iframe so everytime a user adds to his wishlist you sent an ajax request to your django backend.

but thats not possibles if the widget is from another domain than tradingview.com

Calling a parent JS function from iframe is possible, but only when both the parent and the page loaded in the iframe are from same domain ie abc.com, and both are using same protocol ie both are either on http:// or https:// .

The call will fail in below mentioned cases:

1. Parent page and the iframe page are from different domain.
   
2. They are using different protocols, one is on http:// and other is on https://.
   

Any workaround to this restriction would be extremely insecure.

For instance, imagine I registered the domain superwinningcontest.com and sent out links to people's emails. When they loaded up the main page, I could hide a few iframe s in there and read their Facebook feed, check recent Amazon or PayPal transactions, or--if they used a service that did not implement sufficient security--transfer money out of their accounts. That's why JavaScript is limited to same-domain and same-protocol.

SOURCE: https://stackoverflow.com/a/2663118/4885802