The same-origin policy prevents scripts from accessing data from or manipulating the Web pages of other sites. The policy requires scripts to use the same port and protocol and come from the the same host as the page or script they attempt to interact with. This applies to pages loaded into different windows, frames or and iframe.

This can be too restrictive for sites that use different servers or subdomains. For example: a site could use info.mysite.com for general information, catalog.mysite.com for the catalog, and help.mysite.com for product support. Based on the same-origin policy, pages from these sites could not exchange information. The document.domain property has been available since JavaScript 1.1 to help sites using more than one host.

In script, set the domain to the same host on the pages that need to exchange data. Include this code on each page assigning the same value to the document.domain properties.

            <script type="text/javascript">
                document.domain = "common.mysite.com";
            </script>

The value must include a dot and the primary domain: mysite.com. ou could not use "common.stuff", "common.mysite", "othersite.com", or "com".

Two windows or frames that contain scripts setting the domain property to the same value relax the same-origin policy.