I am trying to use postMessage/receiveMessage to access the response of a cross-domain request via an iframe.
The iframe calls a resource which usually does a particular operation, but when there is an error it instead responds with a script snippet that calls postMessage.
This was working in development environment but in production it fails and I guess it has something to do with HTTPS but not sure how to resolve it.
The response code looks like this:
<script>
$.postMessage(whateverData, 'https://abc.def.com', parent );
</script>
The receive message on the client looks like this:
$.receiveMessage(function(e){
alert(e.data);
}, 'http://blah123');
The error I am seeing in console (Chrome browser) looks like this: (which displays the HTTP request URL)
The page at https://abc.def.com/xyz/something.html#jkl displayed insecure content from http://blah123/sub/qwerty/target.aspx?parmsRemoved
Uncaught SyntaxError: Unexpected token ILLEGAL
What went wrong here? How to fix?
Edit: Hmm, is it possible that the first console message is misleading - that is has nothing to do with security but that the error is it is having trouble parsing the text inside of my 'whateverData' var?