I have an increasingly frustrating problem with the firefox implementation of the same origin policy.
I am developing an integrated system with touch screen support, and we have the user option of loading web pages in iframes in several locations on the screen. The web pages can be any kind of webpages from any kind of domain and location (google, yahoo, intranet pages etc) and herein lies my problem.
I need to be able to add an onclick event to the iframe, that gives me the id of the iframe (or some other unique identifier) as a response. This tells me that activity (web browsing) is underway on the iframe and that the iframe should not be reloaded (the pages are set for a fixed automatic update interval that should be interrupted on activity.
I have read just about everything google returns me (but I would love to be disproven in this matter) and I have found this to be the best (among a lot of other) solution:
<iframe src='http://google.com' id='iframe1' onload='netscape.security.PrivilegeManager.enablePrivilege("UniversalBrowserWrite"); this.contentWindow.document.addEventListener("click", function(event) {alert(this.id);}, false)'></iframe>
This just gives me the regular permission denied for http://localhost to get property Window.document from http://google.com
I know why I get this error message, and my question is simple. How do I remove it?
It is an integrated system, I can compile firefox from source, I can edit the source code if needed, I can change prefs.js etc. but I need to use firefox (I know all other sensible web browsers has a nice command line switch to turn it off...) but we have a (quite) tight integration with the firefox platform that would be hard to remove.
We currently use Firefox v.3.5.16 (I know it's EOL, we are going to upgrade it some other time) on a Debian Squeeze platform. If needed I can upgrade to a newer Firefox version, but from what I have found it seems to fare even worse in this matter.
TL;DR Help me to shut of same origin policy, in any way possible on Firefox 3.5.16 for an integrated platform that needs to alter code through cross domain iframes.
