The new isSameOrigin() looks at location.protocol and location.port but not on location.hostname, but instead on document.domain.
This breaks things when you have an iframe on a different subdomain than the main page, because you have to change document.domain to let the iframe and its parent talk to each other. And then isSameOrigin() returns false even for the URI that the method is executed on. Using location.hostname instead of document.domain should work and be just as safe, unless I'm missing something obvious. --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Prototype: Core" group. To post to this group, send email to prototype-core@googlegroups.com To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/prototype-core?hl=en -~----------~----~----~----~------~----~------~--~---