Same Origin Issue with Widget

Version 1
    This document was generated from CDN thread

    Created by: John Wagner on 03-09-2013 08:15:08 AM
    I am working on a custom widget where I am trying to access a JavaScript function that lives on my widget XML page from within the iframe, and getting a permission denied error.  This appears to be due to the same domain policy and that the iframe and Finesse pages are not considered to be on the same domain by the browser.  My scenario is that I have several ASP.Net pages hosted within an IIS site that also hosts my widget XML pages that display these aspx pages within iframes.  It seems that while my widget XML and aspx page are both hosted within the same IIS site, that the XML is loaded as part of the Finesse app domain, while the iframe is loaded from my app domain.  Is there a way to configure Finesse and/or my IIS site hosting the widgets so they are considered same domain so my iframes can talk to their parent windows?

    Thanks,
    John

    Subject: RE: New Message from John Wagner in Finesse - General Questions: Same Origi
    Replied by: David Lender on 03-09-2013 12:11:07 PM
    No there is not a way to configure Finesse and/or IIS site hosting the widgets so they are considered same domain so iframes can talk to their parent windows.
    iFrame within a Finesse gadget cannot talk to the parent iFrame.

    Subject: RE: Same Origin Issue with Widget
    Replied by: John Wagner on 03-09-2013 01:04:39 PM
    OK, thanks David.

    Subject: RE: Same Origin Issue with Widget
    Replied by: Gary Olmsted on 04-09-2013 12:32:50 AM
    I am a bit confused by this talk of "Widgets".  May I assume that you are talking about "Gadgets"?  Let me assume your use of "Widget" really means "Gadget"...

    What David says is partially true.  Strictly speaking he is right.  When the Finesse Container renders the Gadget within the iFrame of its own, it proxies it through Finesse, so it makes it look like it is from Finesse.  Thus, if it is loading an iFrame within that which loads stuff from your IIS Server directly, then it will become subject to cross-domain scripting rules.  Howerver, if you own the code on both sides (the Gadget code and the aspx page), you can introduce a mechanism for them to talk to each other using the HTML Post Message technique: http://www.whatwg.org/specs/web-apps/current-work/multipage/web-messaging.html   So, you would need to set up handlers in your Gadget and your Hosted Code, and post messages between them.  This allows you to work "around" cross domain, but in a supported way.  Just an idea.