In the application I work on we need to upload images from the post editing page (right, much like a regular blog). As all sane people, we have an editor (Tiny MCE), an IFRAME to post files being uploaded through and some code to glue it all together. Previously we were using a different WYSIWYG editor, but recently replaced that with Tiny MCE for its Safari 3 support.
When the first “permissions” error showed up upon receiving the on-upload-completed GUI update code, the immediate reaction was “hey, there must be a port number somewhere, since I know we talk to the same domain, or otherwise it wouldn’t breathe at all”. A quick check showed that no, there was no explicit port number either in the main document URL or in the URL of the IFRAME part. Ouch.
When there was nothing but few
<script> tags and 2 lines of HTML, the answer became excitingly obvious. Here’s the short rule of thumb derived from this lesson:
When you use Tiny MCE and planning to access parent DOM from within an IFRAME somewhere on the same page, make sure that:
- The code you load into IFRAME comes from the domain with the name that matches the domain name of the main document to the last letter
- Port numbers matter
The end of the story.