Skip to content

Tag: cross-domain

Use window.open but block use of window.opener

A while back I ran across an interesting security hole Looks innocuous enough, but there’s a hole because, by default, the page that’s being opened is allowing the opened page to call back into it via window.opener. There are some restrictions, being cross-domain, but there’s still some misc…

Cross-domain connection in Socket.IO

Is it possible to use Socket.IO in a cross domain manner? If so, how? The possibility is mentioned around the web but no code examples are given anywhere. Answer Quoting the socket.io FAQ: Does Socket.IO support cross-domain connections? Absolutely, on every browser! As to how it does it: Native WebSockets ar…