Relaxing of the Same Origin Policy

The Same Origin Policy (SOP) is a security mechanism that prevents JavaScript code running on a Web page from interacting with any resource not originating from the same site. In SAP applications, the SOP is automatically relaxed by one level by removing the host name from the fully qualified domain name. With the relaxed document domain, applications can share information between frames as long as the systems they run on are in the same subdomain. For example, host1.example.com and host2.example.com are in the same relaxed document domain, example.com . The portal integration benefits from the relaxed document domain by enabling portal features such as client-side eventing, WorkProtect feature, session management, auto resizing and popup windows over iView borders.

Relaxing of document domain in the portal components is performed according to the following rules:

• PRT portal components implementing the IPortalComponent interface

  The code for domain relaxing is included automatically by EPCF during rendering of the portal component.

• Web Dynpro for Java and Web Dynpro for ABAP portal components

  The code for domain relaxing is included automatically by the Web Dynpro frameworks during rendering of a portal component. Make sure that the Web Dynpro components are integrated using standard templates for Web Dynpro applications in the Portal Content Directory.

  To access the EPCF methods, use the corresponding wrapper methods/classes in Java or ABAP supplied by WebDynpro.

  For more information, see Developing Web Dynpro Applications for the Portal .

• Other components that render HTML markup

  For domain relaxing, you have to include the following code before any EPCF method calls:

                    <script>
  var lnDotPos = document.domain.indexOf( "." ); 
  if(lnDotPos>=0)document.domain = document.domain.substr(lnDotPos+1);
  </script>