My JavaScript book is out! Don't miss the opportunity to upgrade your beginner or average dev skills.

Monday, June 30, 2008

Ajax or JavaScript sub domain request

Some time we could have a situation like this one:

  • a site in a sub domain, called

  • another site in another sub domain, called

  • of course, a generic main site, called

A common problem between one or more sub domains, is the possibility to use, or call, scripts in the main domain, because of security restrictions.

The simplest solution is to force, in the client side, the document.domain, specifying the common one, i.e.

dcument.domain = "";

In this way you can add, for example, an iframe, and read its content, or use parent window object from the iframe that points, for example, to

There are different reasons to do it, and one of them, is the ability to share a global, or common, space, between every sub domain, performing Ajax requests or whatever else we need.

This object, saved in, and loaded by every other sub domain, like "a" or "b", could solve in a really simple way this problem.

CrossDomain = function(){
// - Mit Style License
var uid = 0, iframe, unset;
return {
search ="&"),
i = 0,
length = search.length,
i < length;
value = search[i].split("=");
if(value[0] === "uid"){
search = this[value[1]];
delete this[value[1]];
return search;
document.domain = unset;
return this;
send:function(domain, value){
var id = Math.random() + "." + uid++;
this[id] = value;
(document.body || document.documentElement).appendChild(
iframe = document.createElement("iframe")
).style.position = "absolute"; = = "1px"; = = "-10000px";
iframe.src = domain + (~domain.indexOf("?") ? "&" : "?" ) + "uid=" + id;
return this;
unset = document.domain;
document.domain = unset.split(".").slice(1).join(".");
return this;

Its usage is really simple, and here there is an example from, as example,

// callback to call (if it is the same for other sub domains
// put them in an external file
function showMessage(message){

// set domain name, i.e.

// call the page sending some value, every kind of value we need
CrossDomain.send("", ["a", "b", "c"]);

On the other file, the index inside, we could simply use this piece of code:

// set domain name, manually or including CrossDomain
// and using its set method
document.domain = "";

// call, simply, the parent function
// using the get method to avoid conflicts
// with multiple requestes
"You sent me " + parent.CrossDomain.get(location)
); // will alert a,b,c

The good thing of this simple created bridge, is that once you are in, from or, you can call via Ajax every page inside, sharing a single folder inside the global domain, instead of copy the same stuff everywhere in other domains.

// set domain name
document.domain = "";

// simple Ajax request
var xhr = new XMLHttpRequest;"get", "?demo", true);
xhr.onreadystatechange = function(){
if(xhr.readyState === 4)
"You sent me " + parent.CrossDomain.get(location),
"And AJAX said " + xhr.responseText

I hope this will be useful :)


vertical-align said...

Very useful, thank you! :)

PERR0_HUNTER said...

Do you have a demo?

Anonymous said...

Absolutely useful, thanks :)

MehtaJee said...

Very much confusing & ambigous.
I would be better if is mentioned clear which code be used on which exact page or domain.

Daniel said...

huh, I don't get what this CrossDomain object is supposed to do, or where you set specifically the domain