Cross-Origin Communication in Restricted Computer Environments
Abstract
This specification discloses techniques for communicating data between a first execution context on a computing system and a second execution context on the computing system. The first execution context can execute content from a first origin, the second execution context can execute content from a second origin that is different from the first origin, and the first execution context and the second execution context can each be restricted from accessing data of the other as a result of a same-origin policy implemented by the computing system. The method can include establishing a bi-directional communication channel between the first execution context and the second execution context.
20 Claims
1. A computer-implemented method for communicating data between a first execution context on a computing system and a second execution context on the computing system, wherein the first execution context executes content from a first origin, wherein the second execution context executes content from a second origin that is different from the first origin, and wherein the first execution context and the second execution context are each restricted from accessing data of the other as a result of a same-origin policy implemented by the computing system, the method comprising:
- establishing a bi-directional communication channel between the first execution context and the second execution context, including:
  - receiving, in the first execution context, an initial discovery message that was transmitted from the second execution context;
  - determining, in the first execution context and based on the initial discovery message that was transmitted from the second execution context, an identifier of the second execution context;
  - establishing, using the identifier of the second execution context, a first uni-directional sub-channel of the bi-directional communication channel, the first uni-directional sub-channel configured to carry messages from the first execution context to the second execution context;
  - receiving, in the second execution context, a connection broadcast message that was transmitted from the first execution context over the first uni-directional sub-channel;
  - determining, in the second execution context and based on the connection broadcast message that was transmitted from the first execution context over the first uni-directional sub-channel, an identifier of the first execution context; and
  - establishing, using the identifier of the first execution context, a second uni-directional sub-channel of the bi-directional communication channel, the second uni-directional sub-channel configured to carry messages from the second execution context to the first execution context; and
- communicating messages between the first execution context and the second execution context over the bi-directional communication channel.
14. A computing system comprising one or more processors and one or more computer-readable media encoded with instructions that, when executed, cause the one or more processors to implement:
- a first execution context that executes content from a first origin;
- a second execution context that executes content from a second origin that is different from the first origin; and
- a security application that restricts each of the first execution context and the second execution context from accessing data of the other in accordance with a same-origin policy implemented by the security application;
- wherein the first execution context and the second execution context are configured to establish a bi-directional communication channel for carrying messages between the first execution context and the second execution context by performing operations that comprise:
  - receiving, in the first execution context, an initial discovery message that was transmitted from the second execution context;
  - determining, in the first execution context and based on the initial discovery message that was transmitted from the second execution context, an identifier of the second execution context;
  - establishing, using the identifier of the second execution context, a first uni-directional sub-channel of the bi-directional communication channel, the first uni-directional sub-channel configured to carry messages from the first execution context to the second execution context;
  - receiving, in the second execution context, a connection broadcast message that was transmitted from the first execution context over the first uni-directional sub-channel;
  - determining, in the second execution context and based on the connection broadcast message that was transmitted from the first execution context over the first uni-directional sub-channel, an identifier of the first execution context; and
  - establishing, using the identifier of the first execution context, a second uni-directional sub-channel of the bi-directional communication channel, the second uni-directional sub-channel configured to carry messages from the second execution context to the first execution context.
18. One or more non-transitory computer-readable media having instructions stored thereon that, when executed by one or more processors of a computing system, cause the one or more processors to perform operations for communicating data between a first execution context on the computing system and a second execution context on the computing system, wherein the first execution context is configured to execute content from a first origin, wherein the second execution context is configured to execute content from a second origin that is different from the first origin, and wherein the first execution context and the second execution context are each restricted from accessing data of the other as a result of a same-origin policy of the computing system, the operations comprising:
- establishing a bi-directional communication channel between the first execution context and the second execution context, including:
  - receiving, in the first execution context, an initial discovery message that was transmitted from the second execution context;
  - determining, in the first execution context and based on the initial discovery message that was transmitted from the second execution context, an identifier of the second execution context;
  - establishing, using the identifier of the second execution context, a first uni-directional sub-channel of the bi-directional communication channel, the first uni-directional sub-channel configured to carry messages from the first execution context to the second execution context;
  - receiving, in the second execution context, a connection broadcast message that was transmitted from the first execution context over the first uni-directional sub-channel;
  - determining, in the second execution context and based on the connection broadcast message that was transmitted from the first execution context over the first uni-directional sub-channel, an identifier of the first execution context; and
  - establishing, using the identifier of the first execution context, a second uni-directional sub-channel of the bi-directional communication channel, the second uni-directional sub-channel configured to carry messages from the second execution context to the first execution context; and
- communicating messages between the first execution context and the second execution context over the bi-directional communication channel.
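The handshake recited in claims 1, 14 and 18, shown as an added in-memory model that is not code from the patent. `Host`, `Context`, the message type strings, the sample origins and the origin allow-list check are assumptions made for illustration; the claims themselves do not specify them.

```javascript
// Added illustration, not code from the patent. Host, Context and the message
// type strings are hypothetical; the origin allow-list is an added assumption.
class Host {
  constructor() { this.contexts = new Map(); this.embedderOf = new Map(); }
  add(ctx, embedder = null) {
    this.contexts.set(ctx.id, ctx); ctx.host = this;
    if (embedder) this.embedderOf.set(ctx.id, embedder.id);
  }
  // Delivery stamps the sender's id and origin; receivers never take identity
  // from fields inside the payload.
  deliver(sender, targetId, data) {
    const target = this.contexts.get(targetId);
    if (target) target.receive({ data, sourceId: sender.id, origin: sender.origin });
  }
  // Lets an embedded context reach its embedder before it knows the embedder's id.
  deliverToEmbedder(sender, data) { this.deliver(sender, this.embedderOf.get(sender.id), data); }
}
class Context {
  constructor(id, origin, allowedOrigins) {
    Object.assign(this, { id, origin, allowed: new Set(allowedOrigins), peerId: null, inbox: [] });
  }
  discover() { this.host.deliverToEmbedder(this, { type: "discovery" }); }
  send(body) {
    if (this.peerId === null) throw new Error("channel not established");
    this.host.deliver(this, this.peerId, { type: "message", body });
  }
  receive({ data, sourceId, origin }) {
    if (!this.allowed.has(origin)) return; // drop messages from unexpected origins
    if (data.type === "discovery" && this.peerId === null) {
      this.peerId = sourceId; // first sub-channel: first -> second
      this.host.deliver(this, sourceId, { type: "connect" }); // connection broadcast
    } else if (data.type === "connect" && this.peerId === null) {
      this.peerId = sourceId; // second sub-channel: second -> first
    } else if (data.type === "message" && sourceId === this.peerId) {
      this.inbox.push(data.body);
    }
  }
}

// Constructed sample: ctx-1 embeds ctx-2 and only accepts https://widget.example.
function runHandshake(secondOrigin) {
  const host = new Host();
  const first = new Context("ctx-1", "https://app.example", ["https://widget.example"]);
  const second = new Context("ctx-2", secondOrigin, ["https://app.example"]);
  host.add(first); host.add(second, first);
  second.discover();
  if (first.peerId && second.peerId) { first.send("ping"); second.send("pong"); }
  return { first, second };
}
```

Calling `runHandshake` with an origin outside the first context's allow-list leaves both `peerId` fields `null`, so neither sub-channel is ever established.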
Specification