cross-domain communication between a sender domain and a receiver domain includes: receiving, in the receiver domain, a data request from the sender domain, the data request being directed to a designated request processing page in the receiver domain; processing the data request to generate a response; and sending the response to the sender domain, the response being directed to a designated response processing page in the sender domain. Alternatively, cross-domain communication includes receiving, in the receiver domain, a data request from the sender domain, the data request being directed to a designated request processing page in the receiver domain; processing the data request to generate a response; and sending the response to the sender domain, the response being directed to a designated response processing page in the sender domain.
|
17. A method for cross-domain communication between a sender domain and a receiver domain that is different from the sender domain, comprising:
receiving, in the receiver domain, a data request from an originating webpage deployed in the sender domain, the data request being directed to a designated request processing page in the receiver domain, wherein sending the data request from the sender domain to the receiver domain includes opening a hidden page and using the hidden page to open the designated response request processing page and to send a request command and associated request data via the hidden page, wherein opening the hidden page includes opening an invisible new window or an invisible iframe;
processing, by one or more hardware processors, the data request to generate a response; and
sending the response to the sender domain, the response being directed to a designated response processing page in the sender domain, wherein the designated response processing page deployed in the sender domain is a different webpage from the originating webpage deployed in the sender domain.
9. A method for cross-domain communication between a sender domain and a receiver domain that is different from the sender domain, comprising:
sending a data request from an originating webpage deployed in the sender domain to the receiver domain, the data request being directed to a designated request processing page in the receiver domain, wherein sending the data request from the sender domain to the receiver domain includes opening a hidden page and using the hidden page to open the designated response request processing page and to send a request command and associated request data via the hidden page, wherein opening the hidden page includes opening an invisible new window or an invisible iframe;
receiving a response from the receiver domain, the response including requested data and being directed to a designated response processing page in the sender domain, wherein the designated response processing page deployed in the sender domain is a different webpage from the originating webpage deployed in the sender domain; and
processing, by one or more hardware processors, the response.
16. A receiver system for cross-domain communication between a sender domain and a receiver domain that is different from the sender domain, comprising:
a processor configured to:
receive, in the receiver domain, a data request from an originating webpage deployed in the sender domain, the data request being directed to a designated request processing page in the receiver domain, wherein sending the data request from the sender domain to the receiver domain includes opening a hidden page and using the hidden page to open the designated response request processing page and to send a request command and associated request data via the hidden page, wherein opening the hidden page includes opening an invisible new window or an invisible iframe;
process the data request to generate a response; and
send the response to the sender domain, the response being directed to a designated response processing page in the sender domain, wherein the designated response processing page deployed in the sender domain is a different webpage from the originating webpage deployed in the sender domain; and
a memory coupled to the processor, configured to provide the processor with instructions.
1. A sender system for cross-domain communication between a sender domain and a receiver domain that is different from the sender domain, comprising:
a hardware processor configured to:
send a data request from an originating webpage deployed in the sender domain to the receiver domain, the data request being directed to a designated request processing page in the receiver domain, wherein sending the data request from the sender domain to the receiver domain includes opening a hidden page and using the hidden page to open the designated response request processing page and to send a request command and associated request data via the hidden page, wherein opening the hidden page includes opening an invisible new window or an invisible iframe;
receive a response from the receiver domain, the response including requested data and being directed to a designated response processing page in the sender domain, wherein the designated response processing page deployed in the sender domain is a different webpage from the originating webpage deployed in the sender domain; and
process the response; and
a memory coupled to the hardware processor, configured to provide the hardware processor with instructions.
2. The system of
3. The system of
4. The system of
5. The system of
the data request includes a request command and associated request data;
the request command is sent as a fragment identifier attached to a uniform resource locator (URL); and
the associated data are is transferred as a name property of a window object.
6. The system of
the data request includes a request command and associated request data; and
the request command and the associated request data are sent as a fragment identifier attached to a URL.
8. The system of
10. The method of
11. The method of
12. The method of
13. The method of
the data request includes a request command and associated request data;
the request command is sent as a fragment identifier attached to a uniform resource locator (URL); and
the associated data are is transferred as a name property of a window object.
14. The method of
the data request includes a request command and associated request data; and
the request command and the associated request data are sent as a fragment identifier attached to a URL.
|
|||||||||||||||||||||
This application claims priority to People's Republic of China Patent Application No. 200810147259.3 entitled METHOD, SYSTEM AND DEVICE FOR CROSS-DOMAIN COMMUNICATION filed Aug. 25, 2008 which is incorporated herein by reference for all purposes.
The present invention relates generally to the field of network technology and more particularly to method, system and device for cross-domain communication.
Existing browser software such as Internet Explorer or Firefox provides a security isolation mechanism based on network domains to prevent programs from different websites from accessing each other's data and causing visitor's private data to be misappropriated from one website to another. Some large web platforms, however, can include many different domain names or different websites that are in trust relationships with each other and often need to exchange data and service among different websites.
Several techniques for cross-domain communication exist. Current techniques, however, usually have certain disadvantages.
One existing technique for cross-domain communication involves exploiting certain security holes in the browser. This is not secure since malicious websites can also use security vulnerabilities to launch attacks. Also, the technique becomes obsolete as soon as the security holes are patched.
Another technique for cross-domain communication involves decreasing the client browser security setting to allow for cross-domain visits. Decreasing the security standard, however, makes the client more vulnerable to exploits by malicious web sites.
Another technique involves URL jumping between different websites, where one website requests a page in another domain and sends information in the form of URL parameters and the other domain returns information by redirecting the browser to the web page in the requester's domain and sending information in the form of URL parameters. When URL jumping is used to communicate between different websites, the servers must deal with greatly increased load and efficiency is decreased. The technique also leads to security problems since the data information transferred via the URL is in plain view in the address bar of requesta necessary current hardware platform. Based on this understanding, the technical program of the present invention can be embodied by a form of software products which can be stored in a nonvolatile storage medium (such as CD-ROM, U disk, mobile hard disk, etc.), including a number of instructions for making a computer device (such as personal computers, servers, or network equipments equipment, etc.) implement the methods described in the embodiments of the present invention.
The descriptions above are just preferred implementation ways of the present invention. It should be pointed that, for general technical personnel in this field, some improvement and decorating can be done, which should be under the protection scope of the present invention.
Although the foregoing embodiments have been described in some detail for purposes of clarity of understanding, the invention is not limited to the details provided. There are many alternative ways of implementing the invention. The disclosed embodiments are illustrative and not restrictive.
| Patent | Priority | Assignee | Title |
| Patent | Priority | Assignee | Title |
| 5142622, | Jan 31 1989 | Cisco Technology, Inc | System for interconnecting applications across different networks of data processing systems by mapping protocols across different network domains |
| 5802590, | Dec 13 1994 | Microsoft Technology Licensing, LLC | Method and system for providing secure access to computer resources |
| 5895499, | Jul 03 1995 | Oracle America, Inc | Cross-domain data transfer using deferred page remapping |
| 5961593, | Jan 22 1997 | THE CHASE MANHATTAN BANK, AS COLLATERAL AGENT | System and method for providing anonymous personalized browsing by a proxy system in a network |
| 6125384, | Dec 23 1996 | International Business Machines Corporation | Computer apparatus and method for communicating between software applications and computers on the world-wide web |
| 6934757, | Jan 06 2000 | International Business Machines Corporation | Method and system for cross-domain service invocation using a single data handle associated with the stored common data and invocation-specific data |
| 7506248, | Oct 14 2005 | Ebay Inc.; eBay Inc | Asynchronously loading dynamically generated content across multiple internet domains |
| 7640512, | Dec 22 2000 | Automated Logic Corporation | Updating objects contained within a webpage |
| 8250082, | Jun 23 2006 | Microsoft Technology Licensing, LLC | Cross domain communication |
| 8280819, | Jul 09 2004 | PayPal, Inc | Method and apparatus for securely displaying and communicating trusted and untrusted internet content |
| 20030023445, | |||
| 20060010134, | |||
| 20070113237, | |||
| 20070256003, | |||
| 20070299735, | |||
| 20070299857, | |||
| 20070300064, | |||
| 20080010359, | |||
| 20080033956, | |||
| 20080034441, | |||
| 20080046562, | |||
| 20080281944, | |||
| 20080298342, | |||
| 20090006996, | |||
| 20090037806, | |||
| 20090037935, | |||
| 20090199083, | |||
| 20090248494, | |||
| 20090293018, | |||
| 20090328063, | |||
| 20100088354, | |||
| WO2007047765, |
| Executed on | Assignor | Assignee | Conveyance | Frame | Reel | Doc |
| Aug 06 2009 | LI, ZHANYUAN | Alibaba Group Holding Limited | ASSIGNMENT OF ASSIGNORS INTEREST SEE DOCUMENT FOR DETAILS | 032187 | /0399 | |
| Dec 23 2013 | Alibaba Group Holding Limited | (assignment on the face of the patent) | / |
| Date | Maintenance Fee Events |
| Jul 03 2015 | M1551: Payment of Maintenance Fee, 4th Year, Large Entity. |
| Jul 03 2019 | M1552: Payment of Maintenance Fee, 8th Year, Large Entity. |
| Jul 03 2023 | M1553: Payment of Maintenance Fee, 12th Year, Large Entity. |
| Date | Maintenance Schedule |
| Sep 16 2017 | 4 years fee payment window open |
| Mar 16 2018 | 6 months grace period start (w surcharge) |
| Sep 16 2018 | patent expiry (for year 4) |
| Sep 16 2020 | 2 years to revive unintentionally abandoned end. (for year 4) |
| Sep 16 2021 | 8 years fee payment window open |
| Mar 16 2022 | 6 months grace period start (w surcharge) |
| Sep 16 2022 | patent expiry (for year 8) |
| Sep 16 2024 | 2 years to revive unintentionally abandoned end. (for year 8) |
| Sep 16 2025 | 12 years fee payment window open |
| Mar 16 2026 | 6 months grace period start (w surcharge) |
| Sep 16 2026 | patent expiry (for year 12) |
| Sep 16 2028 | 2 years to revive unintentionally abandoned end. (for year 12) |