I would like to create data on the user side and let javascript from another URL access it too. I am aware of the same origin policy, but I was wondering whether it is possible to create some exceptions. Or, is there any trick/feature I could use?
I would like to create data on the user side and let javascript from another URL access it too. I am aware of the same origin policy, but I was wondering whether it is possible to create some exceptions. Or, is there any trick/feature I could use?
Share Improve this question asked Apr 22, 2013 at 10:31 Jérôme VerstryngeJérôme Verstrynge 59.6k95 gold badges295 silver badges466 bronze badges 5 |1 Answer
Reset to default 17Best trick I know is to use iframes and postMessage API do get access to localStorage from external domain.
This technique is quite simple:
- on you page you must create iframe to a domain from which you want to get data
your data domain need listen to
messageevent:document.addEventListener ("message", handler, useCapture);
handler will be responsible for accessing
localStorageand posting its content to source domain- your source domain may call
handlerfunction on data domain withpostMessageAPI https://developer.mozilla.org/en-US/docs/DOM/window.postMessage
For security of your data you can use HTTP header X-Frame-Options ALLOW-FROM uri https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options?redirectlocale=en-US&redirectslug=The_X-FRAME-OPTIONS_response_header
Hope it will help.
document.domainto circumvent SOP) - you can only load that other site and use cross-origin-messaging to pass the data – Bergi Commented Apr 22, 2013 at 11:18