HTML5 cross document messaging vs. crossdomain policy

anagha_b · October 3, 2012, 10:01am

Hello all,

This may be a totally foolish question. if so, apologies in advance!

I am reading about HTML5 and I read about this new Cross Document Messaging API. Whatever I’ve understood is it will help communicate between documents being served by most probably different subdomains, which people mostly use to enhance performance and maintain/organize structure of files on the server.

I’ve been using crossdomain.xml and allowing access to resources from [noparse]http://www.domain.ext[/noparse], [noparse]http://domain.ext[/noparse] and [noparse]http://*.domain.ext[/noparse] with just 3 lines of code in crossdomain.xml. What extra advantage am I going to get out of ‘postMessage API’ as I’ve been unable to find any real world examples where this postMessage API is being used?

Any light thrown on the matter will be highly appreciated.

Thanks in advance,
Anagha.b

zcorpan · October 8, 2012, 7:25am

crossdomain.xml only does anything for Flash. The browser doesn’t care about that file at all.

If you want to communicate with a document in an iframe or a popup window and it is not in the same origin, you can use postMessage.

If you want to read a resource from a different origin, you can use XHR, assuming that origin allows you to read it with CORS.

anagha_b · October 8, 2012, 8:17am

Thanks so much! Clears things for me. If you can recommend any resource for more info on the matter, I’ll be ever so thankful to you.

Best,
Anagha

zcorpan · October 8, 2012, 9:24am

Check out the spec for postMessage at http://developers.whatwg.org/comms.html (this version of the spec is aimed at Web developers).

anagha_b · October 8, 2012, 12:12pm

Many thanks again! :). Will go through it asap.

Cheers!
Anagha