Here is the working page: game on glove dot com
The non-working page is the same URL minus the "www.".
Now try click开发者_高级运维ing on the items in the gallery at the top left of the page to the left of the youtube video. They pop a lightbox window in one version but not the other.
Also try clicking the "click here to order" button. A popup appears in both versions of the webpage, but once you make your selection and then click the button on that lightboxed window, you will see an error on the domain.com version, but not on the www.domain.com version.
Am I missing something ridiculous?
Since the object is flash it needs a policy file to have permissions to execute javascript code. And it might be being loaded from www.don't want this page being indexed so well under the website domain.com as opposed from domain.com which would break its the crossdomain policy as they are not considered the same domain. So you have to change the cross domain policy file to include all subdomains
Example should be (if im not mistaken):
<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*.domain.com" />
</cross-domain-policy>
The problem is because the domain.com backend script that processes the requests sends a 302 Moved Temporarily if it's requested without the www.
I'm not sure if the jQuery ajax implementation tries to follow the 302 or not, but even if it did, it wouldn't be able to fetch the content because it's on a different domain and so is subject to the same origin policy
The easiest solution would be to update the backend processing script to remove the 302 redirect. Alternatively, forcefully redirect all traffic from http://domain.com to http://www.domain.com
When clicking the "Click To Order" button you return a 302 redirect status with a location to the www which your ajax call cannot follow due to the same origin policy
Screenshot below
精彩评论