Databases
StackOverflow2013
Postsdbo
POInternet Explorer, Flash POST variables and IFRAMES
 

Note that there are some explanatory texts on larger screens.

plurals
  1. POInternet Explorer, Flash POST variables and IFRAMES
    primarykey
    data
    text
    <p>I've had a customer who was getting some weird issues happening with a flash object embedded in an iframe, which called a PHP script and passed POST variables.</p> <p>I think I've finally figured out roughly what is going on, but would appreciate clarification as to whether or not my hunch is right.</p> <p>The setup is kind of complicated so please bear with me...</p> <p>Her web site uses one of those site-builder setups, so it's a bit limited in what it can do. She wanted to include my Flash application, but couldn't, so as a workaround she put the Flash app on another domain, and then embedded it with an iframe.</p> <p>Part of what the Flash app does is to open a separate window, and then call a PHP script, passing POST variables to it.</p> <p>On Chrome, Safari, and Firefox it works. On IE, it's as if no POST variables were posted.</p> <p>With an HTTP sniffer I was able to confirm that the variables were indeed sent, but the result clearly shows that the PHP script does not see them.</p> <p>This was really driving me nuts, until I remembered that there are two DIFFERENT domains here.</p> <p>Remember how she had to embed the content from one domain in an iframe in a different domain?</p> <p>So I'm thinking it's a cross-domain security issue that is causing the POST data to be blocked server-side.</p> <p>But then why does it work in other browsers?</p> <p>Here's my theory...</p> <p>In Chrome, Firefox, and Safari, the browser sends the data to the script with the page INSIDE the IFrame as the originator. Therefore the originator and the destination script are on the SAME domain.</p> <p>In IE, the browser sends the data to the script with the CONTAINER page as the originator. In this case the originator and the destination script are on DIFFERENT domains, and the server blocks the data.</p> <p>So, what do you think? Does that sound like a valid explanation? Is this a known feature of IE? What should a standards-compliant browser do in this situation?</p> <p>UPDATE:</p> <p>It turns out that the problem is NOT just for cross-domain. Even with the iframe content coming from the SAME site it still happens. Only in IE though. Weird right?</p>
    singulars
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PTQuestion
    1. USxtempore
    1. USxtempore
    plurals
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. This table or related slice is empty.
    1. PO
      singulars
      1. PTAnswer
    1. This table or related slice is empty.
    1. This table or related slice is empty.
 

Querying!

 
Guidance
A row detail

Detail views are divided into sections. All the information in the data section comes from columns in the selected row. The other sections display data from other, related rows.

Related data can be related in a to-one or a to-many fashion. Captions of data related in a to-many fashion link to a list view showing a filtered view of the table.

Try moving around until you find a non-empty to-many entry and click on the label to get to one. You can move back to the root by clicking on the database name in the header.

SQuiL has stopped working due to an internal error.

If you are curious you may find further information in the browser console, which is accessible through the devtools (F12).

Reload