close iframe that's in another domain

[piwozdiwect]

Hello

I'm using lytebox to open an iframe, but the iframe url is in another domain that the parent window.

i need to close the iframe when user clicks a button. I can do that with javascript : top.$lb.end();
the $lb.end(); starts lytebox scripts in parent window which close the iframe and modify all the css stuff.
That works when my iframe url is in the same domain. But when it's in another domain, that does'nt work.

Can anyone tells me how to do that ? Starting the $lb.end() function of the parent window ?
Thank you.

[Kor]

Can anyone tells me how to do that ? Starting the $lb.end() function of the parent window ?
Thank you.

AFAIK, you can't. This kind of javascript relationship is not possible across different domains.

[rnd me]

simple. call top.postMessage() and raise an event on top that closes your box by sending a flag or trigger in your event.data argument.

[Kor]

simple. call top.postMessage() and raise an event on top that closes your box by sending a flag or trigger in your event.data argument.

Well, yes, but doesn't that require the access on both domains?

On the other hand, postMessage() won't work on IE7 (and other older browsers). And I think it works synchronously in IE9 (at least).

[rnd me]

even without IE7, postMessage() is much better than "AFAIK, you can't."...

if the OP doesn't have access to both domains, he shouldn't be influencing code on both.

there are work-arounds for IE7, the window.name transport for example, but i would just focus on the current and last time's browsers.

[Kor]

even without IE7, postMessage() is much better than "AFAIK, you can't."...

What's wrong with "As Far As I Know?" A frank cover for an ambiguous answer...

if the OP doesn't have access to both domains, he shouldn't be influencing code on both.

The truth is that most of the time people want to influence something on another domain without having access or acceptance of the owner of that domain. Which makes the things if not impossible, at least malicious. Don't you think so?

[rnd me]

The truth is that most of the time people want to influence something on another domain without having access or acceptance of the owner of that domain. Which makes the things if not impossible, at least malicious. Don't you think so?

"malicious" stems from "malice", which i don't think is a motivation in most of these requests. I think many coders, especially the newer ones that ask lots of questions around here, are just unaware of the SOP.

Since php proxies, back end engines, cors, jsonp, and other technique routinely mashup content on popular sites, people assume it's easy to do. And to some extent, they are right: it is easy. It's just that it hasn't been easy in javascript for very long, and even today, js follows a much stricter set of rules than curl or python or other common web languages.


i also think that hackers wouldn't ask many questions in public, or would know how to figure it out themselves. Otherwise, they wouldn't be a very good hacker...

[Kor]

i also think that hackers wouldn't ask many questions in public, or would know how to figure it out themselves. Otherwise, they wouldn't be a very good hacker...

True. Yet many honest beginners still hope that they could establish a back-and-forth relationship between 2 domains, without having access to one of them.