I'm embedding an application via iframe into a someones site and need to be able to call a few of their javascript functions. Clearly running a top.cart.add() gets blocked by the same-origin policy. We've exhausted most of our options when it comes to getting them to set something up for us, so we need to try to work around them. Someone mentioned that having them set up a CNAME record could allow us to execute cross domain javascript. Is that possible? If so, how does that work. If not, how would you recommend I approach this?
Yes, a cname would work. The simple reason is that the browser/java will use the host directive, which is obtained from the hostame entered in the address bar, or specified in the code of the webpage when it pulls up additional objects.
The way cname works, is it responds to requests for host1.domain1.com and responds with another dns name, say host2.otherdomain.com, which is queried by the resolver. This is all done by the resolver, and is separate from what is going on with app/browser, so it's "transparent" (For lack of a better descriptive word right now).
if the webpage is at www.foo.com, but your app is from www.bar.com, you can ask them to create a cname for bar.foo.com or something, that points to www.bar.com. The only other thing you need to then do is create a vhost on your webserver that listens for foo.bar.com as well as www.bar.com - if you are using vhosts.