Javascript cross domain - "allow" other domains?

Question

Description of steps

1. Write "callback" function on my custom page in my domain (called "MyCallbackCallback", for the sake of argument)
2. Open new window (from different domain) and pass function name in as part of query string
3. New window does what it needs to do then tries to access "MyCallback" from my custom page

This obviously won't work and will return "Access denied" error.

If there was a way of "allowing" the 3rd-party domain access to my domain that would solve the issue, of course. Is there such a thing? I know there is in Action Script, but JavaScript??

NB - I am aware that setting "document.domain" on both pages, (or creating both pages in the same domain) will solve the issue, but I almost certainly won't have this option.

If the answer is "you can't" that's fine - I just need to know. I have spent many hours searching and can't find a simple answer (there may not be one!)

Ta, Rob

Answer 1

If you want cross-domain communication without serverside proxies (perfect for the kind of RPC that you are describing) then take a look at easyXDM.

You can find multiple demos here.

Answer 2

Have a look at Cross-Domain AJAX requests:

• https://developer.mozilla.org/En/HTTP_Access_Control
• http://msdn.microsoft.com/en-us/library/dd573303%28v=vs.85%29.aspx

JSONP is the only method compatible with older browsers though.

Answer 3

It’s not exactly clear from your question, but if you’re trying to use CORS, the server you’re requesting data from should add an Access-Control-Allow-Origin HTTP header, like so:

Access-Control-Allow-Origin: http://example.org/

Or, if it’s a public resource:

Access-Control-Allow-Origin: *

Older browsers don’t support CORS. If you need a fully cross-browser-compatible solution, use JSONP.