Bookmarked! I've been using this scheme to allow cross domain communication between two or more websites using a central SSO domain.
I think this is the general schema used by google and other social app sites for their SSO implementation. If you browse the gmail or youtube code you will see many things and other additional fields. Google also add an origin restriction. If you want to use the accounts.google.com SSO you have to register in google apps, get an integration ID and specify your authorized origins.
You can also do origin check in your main application by checking if the main app domain is equal to the event.origin received from a postMessage
constsourceDomain='your-website-domain';addEventListener("message",_listener,false);function_listener(event){//origin checkif(sourceDomain.lastIndexOf(event.origin)==-1){return;}// do something}
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
Bookmarked! I've been using this scheme to allow cross domain communication between two or more websites using a central SSO domain.
I think this is the general schema used by google and other social app sites for their SSO implementation. If you browse the gmail or youtube code you will see many things and other additional fields. Google also add an origin restriction. If you want to use the accounts.google.com SSO you have to register in google apps, get an integration ID and specify your authorized origins.
You can also do origin check in your main application by checking if the main app domain is equal to the
event.originreceived from apostMessage