JavaScript: Passing data to a cross-domain popup behind the scenes

Question

The sites of my users collect referrer data about their users and store it in a cookie, which is bound to their domain. If the customer wants to initiate a chat and send the referrer data, they click a button which creates a popup with the URL being on MY domain (so I cannot access their cookies directly). I would like the popup window to receive the data stored in the cookie on their domain (assume I control the JS on their sites too).

Ideally, I would do:

var w = window.open(...);
w.originalReferrer = ...;

... but I hear this method of passing data to the popup only works if the popup is on the same domain (security restrictions).

I could also pass it as a GET arg:

window.open('chat?originalReferrer=' + encodeURIComponent(...) + ')

... but I'd prefer to keep the popup's URL clean, so no GET args should be visible. Is there a way to clean it up, such as using a redirect (and since the destination is now on the same domain (my domain), there might be a nice JS way to pass this data)?

Thanks :-)

Answer 1

On their site, inject JS that will collect data from the cookie and put it in a hidden form that posts to your domain in a new window ( target="_blank" ).

Posting to a new window isn't always going to give you a popup (tabs) so alternatively you could craft a popup in JavaScript (using var popup_window = window.open() , which gives you a reference to that window, and thus the document etc.). Make the hidden form in the popup window and then post it to your domain.

The POST-ing is only necessary to keep your URLs clean, which is a good idea I think.