Conversation

Nerd-puzzle: how might I allow sibling same-origin iframes to communicate, given… - parent is cross-origin - can’t execute JS on parent - no sessionStorage, localStorage, cookies, or IDB access - with enough security to share auth tokens?

Neil Kandalgaonkar

@NeilKNet

Sep 15, 2020

I think this should do it

stackoverflow.com

How do I postMessage to a sibling iFrame

I'm looking for a way to postMessage to a sibling iFrame without any javascript in the parent page. The difficulty I'm having is trying to get the window object for the other iFrame from the first ...

Andy Matuschak

@andy_matuschak

Replying to

@NeilKNet

Nope, alas: can’t access window.parent.frames cross-origin.

5:59 PM · Sep 15, 2020TweetDeck

Replying to

and

(to my surprise, Firefox allows this! but Chrome and Safari sensibly don’t)

Neil Kandalgaonkar

@NeilKNet

Sep 15, 2020

Okay, I've seen one more weird trick, but it involves more coordination: triply embedded iframes - origin 1 - origin 2 - origin 1 These sometimes offer possibilities for communicating, but you need help from origin 1

Show replies