HTML5 cross document messaging vs. crossdomain policy

Hello all,

This may be a totally foolish question. if so, apologies in advance!

I am reading about HTML5 and I read about this new Cross Document Messaging API. Whatever I’ve understood is it will help communicate between documents being served by most probably different subdomains, which people mostly use to enhance performance and maintain/organize structure of files on the server.

I’ve been using crossdomain.xml and allowing access to resources from [noparse]http://www.domain.ext[/noparse], [noparse]http://domain.ext[/noparse] and [noparse]http://*.domain.ext[/noparse] with just 3 lines of code in crossdomain.xml. What extra advantage am I going to get out of ‘postMessage API’ as I’ve been unable to find any real world examples where this postMessage API is being used?

Any light thrown on the matter will be highly appreciated.

Thanks in advance,

crossdomain.xml only does anything for Flash. The browser doesn’t care about that file at all.

If you want to communicate with a document in an iframe or a popup window and it is not in the same origin, you can use postMessage.

If you want to read a resource from a different origin, you can use XHR, assuming that origin allows you to read it with CORS.

Thanks so much! Clears things for me. If you can recommend any resource for more info on the matter, I’ll be ever so thankful to you.


Check out the spec for postMessage at (this version of the spec is aimed at Web developers).

Many thanks again! :). Will go through it asap.