[Windmill-dev] Facebook X-domain problem
Matthew Eernisse
mde at osafoundation.org
Mon Jan 7 13:29:46 PST 2008
Adam,
One small improvement I might suggest ...
Adam Christian wrote:
> When the loop is turned on for the first time I check to see if I can
> access opener.document.domain, if I can't I take the hostname and rm
> www. from it and set the document.domain. The reason that we can count
> on this value being the domain minus the www is because facebook.com (or
> blah.com) without the www is the only thing the browser will actually
> let you set the domain to. You can't even set the domain back to
> www.facebook.com (which is the default) even if you want to.
Rather than assuming the domain initially loaded is "www," it might make
sense to imagine they have some arbitrary subdomain (or sub-sub), like:
subdomain-a.subdomain-b.domain.tdl
Probably what you want to do each time you can't access the opener's
document.domain, is move up the domain chain by chopping off the initial
subdomain:
subdomain-a.subdomain-b.domain.tdl
=> subdomain-b.domain.tdl
=> domain.tdl
And do that until you can access the doc's domain.
That should still work for Facebook, but would also accommodate a wider
range of apps that are doing this multi-subdomain thing with cookies.
Matthew
More information about the Windmill-dev
mailing list