I'm working on a Django project and, as part of good practices, I have my static content and media being served from cookieless domains. Of course, in order to do this and still use things like Google Analytics, etc., I serve all documents from www.domain.tld while media comes from media.domain.tld and static comes from static.domain.tld.
This initially caused issues with TinyMCE, my wywiwyg editor of choice, but this was solveable easily enough by editing tiny_mce.js and tiny_mce_popup.js to include the line:
document.domain=window.location.hostname.split('.').splice(-2).join('.');
at the top. This essentially sets the document.domain of my main editing window and the TinyMCE popups to domain.tld, no matter how deep into subdomains they were sourced from. Works well (and is portable). (I don't care about Array.splice() potentially not being available in the client browser, because TinyMCE is only used for Administration, where we control the browser).
Anyway, I digress.
All is well until I tried to use the Django Admin popups to, for example, create a new M2M item on the fly. The popup appears OK, but it cannot finish the job properly because the pop-up window's document domain gets set to, in this case, www.domain.tld, while the document.domain in the main editing window is domain.tld (as per the above).
Easy, I thought, I will just add the same JS snippet into the body of the admin's base.html file. No go. The popup's document.domain indeed gets set when tested in the JS console to domain.tld as per my included snippet, but as soon as I try to save the new object, it is reset back to www.domain'tld (also as tested, post submit in the JS Console), and of course the inter-window communications fails with:
Uncaught TypeError: Property 'dismissAddAnotherPopup' of object \
[object Window] is not a function`
in the popup window and:
Unsafe JavaScript attempt to access frame with URL \
http://www.domain.tld/admin/project/object/16/ from frame with URL \
http://www.domain.tld/admin/project/object/add/?_popup=1. The frame being \
accessed set 'document.domain' to 'domain.tld', but the frame requesting access \
did not. Both must set 'document.domain' to the same value to allow access.
Checking document.domain in the two windows reveals this truth:
Main window: domain.tld
Popup window: www.domain.tld (remember, this has changed on submit)
So, question to all you guru's out there, is there some Django JS code that is resetting the popup frame's document.domain just before posting the result back to the main window? OR, is the resetting a side-effect of using the main window's window object to do its comms? If the prior, can you please point me to where this would be? I can't seem to locate which file it may be in. If the latter, what's the solution to having cookieless domains + TinyMCE + Django Admin popups?
Many thanks in advance for considering this issue!
