Skip to content

Tag: cross-domain

iframe not reading cookies in Chrome

Chrome is not allowing a child iframe to read its own cookies. I have a parent webpage with a child iframe: parent at child at <iframe src=””> (inside of parent) cookie set with path: ‘/’ secure: true httpOnly: false domain: ‘’ I control both sites, and I want the iframe to perform an operation within the iframe that requires

Use but block use of window.opener

A while back I ran across an interesting security hole Looks innocuous enough, but there’s a hole because, by default, the page that’s being opened is allowing the opened page to call back into it via window.opener. There are some restrictions, being cross-domain, but there’s still some mischief that can be done Now, HTML has a workaround That prevents the

Internet Advertisers and Third-Party Cookies – clarification?

I’ve read this question about how third party cookie are set , which is a subject I already know : it can be done via three ways : Script (application/javascript)mime type ( which is generated at server side) which can also set cookie. ( along with the script response). img link <IMG href=”http://www.advertiser.exmaple/add.cgi?″> form submission to an iframe ( for

Problems with window.postMessage on Chrome

I have been stuck on this for hours. I have a.html on that contains an iframe with src to b.html on a.html has some JS code to postMessage to the iframe. The code to postMessage is simple: But this way, Chrome throws an error: I have also tried: But NO LUCK! This is the ONLY WAY it works:

Cross-domain connection in Socket.IO

Is it possible to use Socket.IO in a cross domain manner? If so, how? The possibility is mentioned around the web but no code examples are given anywhere. Answer Quoting the FAQ: Does Socket.IO support cross-domain connections? Absolutely, on every browser! As to how it does it: Native WebSockets are cross-domain by design, serves a flash policy file