First of all, dunno what i'm doing wrong (or what i'm missing) but i can't select the correct Safari version: i'm reporting on version 5 but i can only select up to safari 3.2 in the bug tracker version list... Now the problem: in both Mozilla and IE the XMLHttpRequest object is attached to the FRAME in which the document is loaded, while in Safari it is attached to the MAIN WINDOW in which the document is loaded. This results in different behavior on these browsers when a document 'Document1' located on a domain 'Domain1' contains a frame that loads a document 'Document2' contained on a different domain 'Domain2': specifically, in Safari 'Document2' cannot use XMLHttpRequest to access data from 'Domain2' and it reports a cross-site security violation (in both Firefox and IE it works fine) So, to rise (see the diagram below using a Fixed-width font): <contained on> Domain1 <---------------------- Document1 | |<contains a FRAME with...> | <contained on> V Domain2 <---------------------- Document2 ^ | | |<can NOT access via XMLHttpRequest on Safari> | | | <contained on> V \----------------------------- Files
Do you have an live example or a test case for the problem? I couldn't reproduce it from this description. Knowing how the code works, I'm extremely surprised by this report. There is likely some additional twist that a live example would help find.
You are right, i made a small test case myself and it's not an XMLHttpRequest problem. I have some cookies that don't work under certain circumstances, but i got confused because the previous version of Safari (v4) was reporting in the error console something related to the XMLHttpRequest trying to make some cross-site access, but in the current version of safari (v5) that error doesn't even show up anymore. Sorry, my mistake, this bug report is... bogus :-) I'm closing it.
Thanks for following up on this!