Hi Jesse,
That's how it's supposed to work; The same-domain-origin is the basis
of the security model for gadgets.
The last thing you would want is for a malicious gadget to be able to
add everyone as a friend (by using a link on the parent), change your
about me info to some spam message, steal your private information, or
anything like that! So the different domains make sure that that can't
happen, and by having different gadget iframe's on different domains
too you can also prevent them from mucking about with each other too.
This does imply some restrictions of course, like the one you just ran
into, but it beats the alternative :)
Having to put notifications inside of the gadget works pretty much
just as well though, as long as you design for it
-- Chris
On Aug 26, 2008, at 4:56 AM, Jesse Hu wrote:
>
> Hi, I want to show a popup box in the center of the browser window,
> so need to
> access "window.parent" DOM object from within the iframe which gadget
> is rendered in but failed with "Permisson denied", I think it's due to
> cross-domain restriction that the "iframe.src" and
> "window.parent.location" are of different domain/port. Is there any
> solution?
>
> Is the shindig server supposed to be deployed to the same domain and
> port as the social networking site or not ? If not, a few cross-domain
> issues may be encountered.
>
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"OpenSocial Application Development" group.
To post to this group, send email to opensocial-api@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at
http://groups.google.com/group/opensocial-api?hl=en
-~----------~----~----~----~------~----~------~--~---
