Is Cross-Origin Postmessage Broken in Ie10

Is cross-origin postMessage broken in IE10?

I was mistaken when I originally posted this answer: it doesn't actually work in IE10. Apparently people have found this useful for other reasons so I'm leaving it up for posterity. Original answer below:

---

Worth noting: the link in that answer you linked to states that postMessage isn't cross origin for separate windows in IE8 and IE9 -- however, it was also written in 2009, before IE10 came around. So I wouldn't take that as an indication that it's fixed in IE10.

As for postMessage itself, http://caniuse.com/#feat=x-doc-messaging notably indicates that it's still broken in IE10, which seems to match up with your demo. The caniuse page links to this article, which contains a very relevant quote:

Internet Explorer 8+ partially supports cross-document messaging: it
currently works with iframes, but not new windows. Internet Explorer
10, however, will support MessageChannel. Firefox currently supports
cross-document messaging, but not MessageChannel.

So your best bet is probably to have a MessageChannel based codepath, and fallback to postMessage if that doesn't exist. It won't get you IE8/IE9 support, but at least it'll work with IE10.

Docs on MessageChannel: http://msdn.microsoft.com/en-us/library/windows/apps/hh441303.aspx

postMessage between cross-domain windows not working in IE10 (it works for frames)

IE does not support postMessage between cross-domain popup windows(eg:window.open). IE does support postMessage for embedded frames(eg:top.frames).

So I end up by putting a frame into a dialog, pretending like a popup windows. eg:

With the help of Jquery UI dialog

<script>
$("#dialog").dialog({
    autoOpen: false,
    modal: true,
    height: 300,
weight: 400,
});

function openiframe(){
   $('#dialog').dialog('open');
});
</script>

<p>At 120.0.0.211 server</p>
<button type="button" onclick="openiframe()">send the message!</button>
<div id="dialog">
   <iframe id="iframe" src="http://192.168.15.223/smallframe"></iframe>
</div>

It might be other solutions/technologies out there for commutation between cross-domain windows:

1. Cross-Origin Resource Sharing (CORS) using Ajax.

2. Using Webservice like REST, which actually is a server-to-server commutation, not a server-broswer-server struct anymore. But it is a way how we can send some message to another server. For some frameworks it is easy to setup REST eg: cakephp

IE passes an empty event object with PostMessage

IE does not implement window.location.origin. And JSON.stringify() is apparently ignoring properties whose value is undefined (which its MDN documentation says it will do).

Run this jsFiddle in IE to see: http://jsfiddle.net/jfriend00/MP68r/

You can work around the issue by using other properties of window.location depending upon exactly what you want to do with that info.

---

You could use this as an alternative:

location.href.match(/(^.*?\/\/.*?)[\/$]/)[1].toLowerCase();

This will return the part before the first slash in the path which is basically what the origin is. It is converted to lower case since domain names and protocols are case insensitive so this makes for a canonical comparison.

Make a CORS request in IE9 with cookies?

From this page http://blogs.msdn.com/b/ieinternals/archive/2010/05/13/xdomainrequest-restrictions-limitations-and-workarounds.aspx at the bottom you can see Update: Internet Explorer 10 now supports CORS using XMLHTTPRequest. It means CORS is not handled properly in IE9. Sorry. They propose some workarounds with proxy in the same article.

Browser compatibility matrix is given at http://caniuse.com/cors where by partial support they mean

Internet Explorer 8 provides support via the XDomainRequest object but doesn't support credentialed requests http://code.google.com/p/sgvizler/wiki/Compatibility.

---

Related Topics