On 20 November 2011 00:31, Someone <[email protected]> wrote: > Thanks guys for all the info....I can't post any sample page because I am > very short of time....JS can change domain e.g. document.domain=XYZ.....
Yes, I know you can do that, but that's intended to be used only in a limited way and with a particular purpose. If the page is loaded from a.name.com you can set the document.domain to name.com in order that it can cooperate with a document loaded from b.name.com which also sets document.domain to name.com. That is, you can only validly change the document.domain to a superdomain of the document's location. Since a domain-level key is valid for subdomains there seems to be no reason why the key validation should fail if the key is specified for the superdomain in the first place. Example Document loaded from a.name.com sets document.domain to "name.com" Document loaded from b.name.com sets document.domain to "name.com" Neither document will be subject to XSS restrictions on "name.com" resources. A key specified for "name.com" will work on both pages, whether it looks at document.domain or window.location. What you cannot validly do is change document.domain to "another.com" -- I suspect that the browser will silently ignore this (or rather, set it and still implement XSS restrictions). This could cause problems. It's possible that the API has changed from validating window.location to validating document.domain instead. This shouldn't cause issues with valid code provided that the key is valid for the domain (name.com). I can see that it may cause issues if the key is specified for a subdomain (a.name.com) because it now doesn't match document.domain on either page. If *this* is what's happening -- a key specified for a.name.com doesn't work on a page loaded from a.name.com if its document.domain is set to name.com, then that's a regression issue. It should be relatively straightforward to come up with a simple demonstrator, if your application is affected by this. -- You received this message because you are subscribed to the Google Groups "Google Maps API V2" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-maps-api?hl=en.
