Internet Explorer 7 blocks cross-domain iframe to parent communication
A new security setting in Microsoft Internet Explorer 7 has been causing problems with requests between iframe and parent. There is a security setting in the Internet options called “Navigate sub-frames across different domains”, which in IE6 was set to “Enabled” under Medium security, but is set to “Disabled” in IE7 by default.
An example of the type of communication that is blocked is shown here:
The container page sends a message to Page 1, in Domain A: “Change your location to Page 2”. In IE6, this is not a problem. But in IE 7, it is allowed.
Continue reading