Home/ Questions/Q 8112353
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-06T02:28:19+00:00

I know this is an issue of cross-browser communication or same origin policy and

  • 0

I know this is an issue of cross-browser communication or same origin policy and browser will not allow such communication.

I need a work around this use-case.I have a parent page in HTTP and from there i am submitting the form to HTTPS, my requirement is not to move away from the page and the form is opening up in an overlay.

This is my current JSP settings

<form:form action="https://localhost:9002/myApp/springSecurity/login" class="login-form error-info"  id="loginForm"  method="post" commandName="loginForm" target="guestFrame">

 <iframe width="0" frameborder="0" scrolling="no" name="guestFrame" >

from the server i am sending java-script in the response to be append on the Iframe, this is the java-script being sent from the server

<html><body>"+ "<script type=\"text/javascript\">parent.handleResponse('error',securityLoginStatus.getLoginFailedException());</script>"+ "</body></html>")

i have already defined a method in the parent window namely handle-response but i am getting following error in browser

Permission denied to access property 'handleResponse'

i even tried with parent.wwindow.handleResponse but getting same error.
is there any way i can communicate with the parent window from the Iframe ?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    As you said before there is no way around to avoid cross origin permission denied unless both html origin and destiny be under http://localhost:9002 domain.

    For ease, I recommend using the http communication with javascript/json/jsonp docs.
    You could try jQuery with something like that:

    <script type="text/javascript">
function sendPost () {
    $.ajax({
      type: 'POST',
      url: 'https://localhost:9002/myApp/springSecurity/login',
      data: $("#guestFrame").serialize(),
      error: function(data, status) {
        // alert('Error ' + status);
      }
    });
}
function handleResponse(obj) {
    if (obj.type==="error") {
        alert("Error: " + obj.mssg);
    }
}
</script>

<form ...>
 ...
 <input type="submit" value="send" onclick="sendPost();return(false)"/>
</form>

    And in order to avoid the CORS restriction, https://localhost:9002/myApp/springSecurity/login html response must be a javascript code and include
    the following headers: 

    <% 
response.setHeader("Content-type", "application/x-javascript");
response.setHeader("Access-Control-Allow-Origin", "*");
%>

    Javascript example response which will be able to call “handleResponse” of its parent caller:

    handleResponse({'type':'error', 'mssg': 'your_login_failed_exception'});
    • 0