[Google Maps API v2] Re: IE7 & 8 Permission Denied error in main.js causing zip code search to break

Hey thanks for such detailed response.

You suspected brilliantly that we are changing domain from a.name.com
to name.com as soon as the page loads (we have 2 different servers
e.g. a.name.com and b.name.com, maps pages come from a.name.com).
Earlier I was using maps key for a.name.com, I generated a new key for
name.com and tried that but that also didn't work. Getting same error
as specified above in the 1st post. However all these things work fine
in Firefox or Chrome.

Thanks again !!

On Nov 20, 2:54 pm, Andrew Leach <andrew.leac...@gmail.com> wrote:
> On 20 November 2011 00:31, Someone <vijay....@gmail.com> wrote:
>
> > Thanks guys for all the info....I can't post any sample page because I am
> > very short of time....JS can change domain e.g. document.domain=XYZ.....
>
> Yes, I know you can do that, but that's intended to be used only in a
> limited way and with a particular purpose.
>
> If the page is loaded from a.name.com you can set the document.domain
> to name.com in order that it can cooperate with a document loaded from
> b.name.com which also sets document.domain to name.com.
>
> That is, you can only validly change the document.domain to a
> superdomain of the document's location.
>
> Since a domain-level key is valid for subdomains there seems to be no
> reason why the key validation should fail if the key is specified for
> the superdomain in the first place.
>
> Example
>
> Document loaded from a.name.com sets document.domain to "name.com"
> Document loaded from b.name.com sets document.domain to "name.com"
> Neither document will be subject to XSS restrictions on "name.com" resources.
> A key specified for "name.com" will work on both pages, whether it
> looks at document.domain or window.location.
>
> What you cannot validly do is change document.domain to "another.com"
> -- I suspect that the browser will silently ignore this (or rather,
> set it and still implement XSS restrictions). This could cause
> problems.
>
> It's possible that the API has changed from validating window.location
> to validating document.domain instead. This shouldn't cause issues
> with valid code provided that the key is valid for the domain
> (name.com). I can see that it may cause issues if the key is specified
> for a subdomain (a.name.com) because it now doesn't match
> document.domain on either page.
>
> If *this* is what's happening -- a key specified for a.name.com
> doesn't work on a page loaded from a.name.com if its document.domain
> is set to name.com, then that's a regression issue.
>
> It should be relatively straightforward to come up with a simple
> demonstrator, if your application is affected by this.

--
You received this message because you are subscribed to the Google Groups "Google Maps API V2" group.
To post to this group, send email to google-maps-api@googlegroups.com.
To unsubscribe from this group, send email to google-maps-api+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-maps-api?hl=en.