JS security issue with Opera 11.01, after moving from server A to B

I have an outer HTML-document (subdomain1.server-a.de) with an iFrame and inner HTML-document (subdomain2.server-a.de). The inner script should send & receive AJAX-requests to subdomain2.server-a.de. I've set the document.domain-value for both documents to "server-a.de" - so far, so good, works well in all tested browsers (FF/Chrome/Opera). Now I move the scripts to server-b.de with same subdomains and set the document.domain on both documents to "server-b.de". That still works in FF and Chrome, but Opera gives me a "Security error: attempted to read protected variable: xy" when trying to call my AJAX function from the outer document.

My conclusion so far: I can't violate the same domain policy, because then FF and Chrome wouldn't communicate with the inner document from outside either. I've also tried the solution from Focus with Cross-domain Ajax in Opera with the interval function, same issue.

Thanks a lot in advance for every hint.

UPDATE: I have set up a testing site for this. If you go to this site, you'll see it works even with Opera (a dialog pops up with "Test called" after a few seconds). Now, if you copy the outer frame files "operatest.html" and jquery to another server - so it has to work in my case - you'll see that FF and Chrome don't have a problem, but Opera has.

Is Opera comparing server details in order to fulfill the same origin policy? Or will it deny access if IP addresses of both subdomains don't match?


Sounds like it might be a timing issue, i.e. the outer document tries to initiate the request before the inner document has run the script that sets document.domain? Or perhaps Opera has cached the IFRAME contents and you initially loaded a version where the script inside the IFRAME was wrong and didn't set document.domain correctly?


I suggest you forget the document.domain approach and use window.postMessage() (AKA HTML5-style cross-document messaging) instead. http://www.whatwg.org/specs/web-apps/current-work/multipage/comms.html#web-messaging
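The window.postMessage() approach suggested above, sketched as an added example that is not part of the original answer: the outer page asks the iframe to perform the AJAX call, and both sides check `event.origin` instead of relaxing `document.domain`. The hostnames are the ones from the question; the `http` scheme, the message shape and the function names are assumptions, and the code is written in current JavaScript.

```javascript
// Added example. Hostnames from the question; scheme and message shape are assumptions.
const OUTER_ORIGIN = "http://subdomain1.server-b.de";
const INNER_ORIGIN = "http://subdomain2.server-b.de";

// Inner document (iframe): accepts requests only from the outer page's origin.
function makeInnerHandler(allowedOrigin, fetchPath) {
  return function onMessage(event) {
    if (event.origin !== allowedOrigin) return false; // exact origin match
    const msg = event.data;
    if (!msg || msg.type !== "ajax-request") return false;
    // Same-origin absolute paths only; rejects full URLs and the // and /\ forms.
    if (typeof msg.path !== "string" || !/^\/(?![\/\\])/.test(msg.path)) return false;
    fetchPath(msg.path, (body) =>
      event.source.postMessage({ type: "ajax-response", id: msg.id, body }, event.origin));
    return true;
  };
}

// Outer document: sends with an explicit targetOrigin (never "*") and accepts
// replies only from the iframe's window and origin.
function makeOuterClient(frameWindow, frameOrigin) {
  const pending = new Map();
  let nextId = 1;
  return {
    request(path, callback) {
      const id = nextId++;
      pending.set(id, callback);
      frameWindow.postMessage({ type: "ajax-request", id, path }, frameOrigin);
    },
    onMessage(event) {
      if (event.origin !== frameOrigin || event.source !== frameWindow) return false;
      const msg = event.data;
      if (!msg || msg.type !== "ajax-response" || !pending.has(msg.id)) return false;
      const callback = pending.get(msg.id);
      pending.delete(msg.id); // each reply is consumed once
      callback(msg.body);
      return true;
    },
  };
}

// Browser wiring for the inner document (skipped when not running there).
if (typeof window !== "undefined" && window.location && window.location.origin === INNER_ORIGIN) {
  window.addEventListener("message", makeInnerHandler(OUTER_ORIGIN, (path, done) => {
    const xhr = new XMLHttpRequest();
    xhr.open("GET", path);
    xhr.onload = () => done(xhr.responseText);
    xhr.send();
  }));
}
```

In the outer page, create the client with `makeOuterClient(iframe.contentWindow, INNER_ORIGIN)`, register `client.onMessage` as the page's `message` listener, and send the first request only after the iframe's `load` event so the inner listener is already in place.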


Had the same absurd issue with JS calls between parent and an iframe on a different subdomain - worked everywhere, but failed under Opera with the above mentioned error.

Removing the ~/.opera folder (Opera settings folder in Linux) solved this, and another very weird problem.

Cheers.
