Reputation: 516
Javascript widget cross-domain authentication
I have some javascript code for a widget on whateveryouwant.com that does a bunch of jsonp request to my mymaindomain.com. Every instance of the widget has his own appid, so that each appid has one, and only one, trusted domain name associated to it. Now I want to know if a single istance of my widget (appid) is being used from his trusted domain and, if true, give access to my service (returning an access token for example), and block any other untrusted domain. I read something about iframes and postmessage stuff, but i don't understand if this could be a crossbrowser solution.
Upvotes: 1
Views: 837
Answers (1)
Reputation: 1840
If I understand what you want, it sounds like you need to communicate with two widgets on different domains on the same website. If this is the case, there are two ways around the cross-domain issues if you want to avoid any server-side infrastructure or browser plugins:
HTML 5 has a postmessage API but this, as far as I know, is still unsupported in IE. Take a look here if you're interested: https://developer.mozilla.org/en/DOM/window.postMessage
Use an old trick where you, basically, set data in an iframe and navigate the frame between the two different servers so each widget can access it one at a time. Here is a barebones example: http://onlineaspect.com/uploads/postmessage/parent.html
Upvotes: 1
Related Questions
- Javascript Cross domain JSON
- jQuery AJAX Cross Domain with BASIC Authentication
- Cross domain access and JSONP
- Securing JSONP?
- Cross site HTTP authentication in JQuery
- Cross-domain scripting using jQuery.support.cors = true
- Complex cross domain scripting
- JavaScript widget with trust based authentication under active directory
- How can I validate/secure/authenticate a JavaScript-based POST request?
- html widget communicating with server