postMessage still broken on IE11?

bumpmann · Jan 12, 2014 · Viewed 30k times

It seems that window.postMessage is still broken on IE 11 when the message is

  • between a window and a child popup/tab with window.open
  • when it's sent from different domains [or the same domain in some cases, cf. update 16/01]

There were similar issues with IE 8/9/10, but this feature was flagged as 'supported' in IE 11 from 'partially supported' in IE 10.

Here is an example of code that works on Chrome/FF but not IE:

The opener (jsfiddle):

$(document).ready(function() {
    $('#log').append('listening...');
    window.addEventListener("message", function(e){
        $('#log').append("Received message: " + JSON.stringify(e.data));
    }, false);
    $('button').click(function() {
        window.open('http://jsbin.com/eQeSeros/1', 'popup','menubar=no, status=no, scrollbars=no, menubar=no, width=200, height=100');
    });
});

The child popup (jsbin): (won't work if not opened by jsfiddle)

$(document).ready(function() {
   $('body').append('sending...');
   window.opener.postMessage("Hello?", "http://fiddle.jshell.net");
   $('body').append('sent...');
});

I read in the post "Is cross-origin postMessage broken in IE10?" that we can use a MessageChannel instead of postMessage, but reading the doc, I did not find how to use it in my real case, because you have to pass the port to the child window.

There is a redirect chain before I need to send my message, so even if I could send a port, I would lose any JS object sent initially/before the redirects.

Any idea for a replacement?

Update 14/01: I'm thinking about passing my data in the window/tab title and regularly checking this title from the parent... but this would be quite a dirty trick.

Update 16/01: The really bad part is that it does break even if the message is sent from the same domain, but after being redirected by another domain.

Here is the example: http://jsfiddle.net/L4YzG/13/ opens the popup http://jsbin.com/eQeSeros/4/edit that redirects to http://jsfiddle.net/mxS8Q/2/ (that posts the message).

If you change the popup URL directly to the final URL it redirects to, http://jsfiddle.net/mxS8Q/2/show, this works on IE because there is no other domain between the opening and the post.

I am still working on my window title dirty trick. We cannot receive the title of the window when it is on another domain, but if it comes back to jsfiddle the title is available (the previous problem with postMessage does not occur). Here is the example: http://jsfiddle.net/L4YzG/14/ ... This may be an alternative solution, but I just saw something about passing the data in a cookie; it just needs to be tested.

Update 04/02: Passing the info in the title is not sufficient; it works well if the final domains are the same but not cross-domain. I wanted to inject an iframe of the same domain to pass this info but I cannot share the child window object either (postMessage needs a serializable object).

Finally I tried to share a cookie (created & received in JS) between the injected iframe and the child window. This works well on Chrome & FF but I still could not receive it correctly with IE. After adding P3P headers it worked fine; this seems to be the true solution. Safari seems to have some problems with this technique, so I just keep this technique as a fallback.

Answer

Neil Sarkar · Sep 4, 2014

Update 16/01: The really bad part is that it does break even if the message is sent from the same domain, but after being redirected by another domain.

Hilariously, this "security feature" can be used in reverse to bypass the crossdomain restriction entirely.

In parent window at example.com:

<script>
  window.open("http://example.com/dummy_redirect");
  window.addEventListener('message', function(ev) {console.log(ev.data)})
</script>

On example.com server:

GET /dummy_redirect 302 http://jsfiddle.net/b6yfbunw/

A popup will open to your domain, redirect to jsfiddle, and the postMessage call will work in IE. You can even navigate to any domain after that and continue to make postMessage calls to the parent window.
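
Added example, not part of the question or the answer above: both parent listeners on this page act on every message they receive, and the answer notes that the popup can move to any domain and keep posting to the opener. One way to gate the opener's handler on `ev.origin`, `ev.source` and message shape; the allowlist contents, the `{type, payload}` message shape and the name `createMessageGate` are assumptions made for the example.

```javascript
// Added example (not from the original post). Assumptions: the allowlist
// contents and the {type, payload} message shape are illustrative.
const ALLOWED_ORIGINS = new Set(["http://fiddle.jshell.net"]);

// Builds a "message" handler that only passes events which
//  1) come from an exactly matching origin,
//  2) were sent by the window returned by getExpectedSource(),
//  3) carry a plain object with a string `type`.
// Returns {accepted, reason} so rejections can be logged or tested.
function createMessageGate(allowedOrigins, getExpectedSource, onAccept) {
  return function handle(ev) {
    // Exact string comparison: no substring, prefix or regex matching, so
    // "http://fiddle.jshell.net.other.example" cannot pass.
    if (typeof ev.origin !== "string" || !allowedOrigins.has(ev.origin)) {
      return { accepted: false, reason: "origin" };
    }
    // The sender must be the popup this page opened. This check alone is
    // not enough: the same window handle survives cross-domain navigation,
    // which is why the origin check above runs on every message.
    const expected = getExpectedSource();
    if (!expected || ev.source !== expected) {
      return { accepted: false, reason: "source" };
    }
    // Treat the payload as untrusted input and check its shape before use.
    const d = ev.data;
    if (d === null || typeof d !== "object" || typeof d.type !== "string") {
      return { accepted: false, reason: "shape" };
    }
    onAccept(d, ev.origin);
    return { accepted: true, reason: null };
  };
}

// Browser wiring (skipped when no DOM is present).
if (typeof window !== "undefined" && window.addEventListener) {
  let popup = null; // set from the click handler: popup = window.open(...)
  const gate = createMessageGate(ALLOWED_ORIGINS, () => popup, (d, origin) => {
    console.log("accepted", d.type, "from", origin);
  });
  window.addEventListener("message", (ev) => {
    const result = gate(ev);
    if (!result.accepted) console.warn("dropped message:", result.reason);
  }, false);
}
```

On the sending side, keep passing the exact opener origin as the second argument to `postMessage`, as the question's popup does, rather than `"*"`.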