Javascript security / cross scripting on same server

Question

Have some Javascript that I need to work via the following:

://localhost

://servername

:/www.domainnamefortheserver.com

When I run the script from http://servername with an IFRAME referencing the domain - it does not load.

Is there a way to get the Javascript security model to recognize the server name, localhost and the domain as the same "domain"?

Thanks

Answer 1

Use root relative URIs:

href="/foo/bar"

rather than absolute URIs:

href="http://example.com/foo/bar"

That way the document will be loaded from the same hostname.

Answer 2

What do you mean by

my references are to the domain name

?

If you load scripts in your page on http://servername (using <script src=''>), they will have access to everything on http://servername, even if they come from another domain.

However, if you try to make AJAX calls to the other domain, then you have a problem. You can use the trick explained by Christopher, ie making aliases to the domain.

Answer 3

If you are using a server-side language to generate the page, you may be able to set the security domain like so:

document.domain = $CURRENT_HOSTNAME;

So the security domain will be the domain the user requested. This is a shot in the dark, but I hope it helps nonetheless.

Answer 4

If you are running on UNIX you can edit /etc/hosts to give a fake DNS entry for your server.

eg.

127.0.0.1 localhost www.domainnamefortheserver.com

Then you can always connect to it as the correct name even when it's not on the live site yet. Don't try and break the javascript security directly.

This will also work on OSX. Windows works differently, I expect.