Alternative to subspace for secure cross-domain communication between iframes?
Question
We have implemented secure access to certain objects of parent frame by using Subspace pattern defined in this paper . There's a mediator frame that has access to a single object in parent frame that has the only functionality intended for access by the untrusted frame. This has worked fine up until now that Firefox 16 has "fixed" this method described in this security advisory .
Now I'm seeking the best secure alternative for subspacing.
The target is to allow any website to call a single function in its parent frame (the mediator frame) and then the mediator frame should be allowed to call the subset of functions allowed to it that is in the main frame. Any alternative that can do the same functionality in a different way is welcome.
1 answers
solution1
1 ACCPTED 2012-10-16 07:50:01
The standardized way to allow secure cross-domain communication between iframes is to use messaging : you use postMessage and receiveMessage to exchange messages you defined for your needs.
See this MDN documentation .
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.