This PR is to fix the issue with iframe access lockdown by modern browers.
Even though iframe and parent html are under the same origin, browsers without enabling CORS won't be able to modified children iframe's content.
Instead, you get errors like:
Blocked a frame with origin xxxxxxxxx from accessing a cross-origin frame.
This PR uses ajax request with simulated form data upload via formData() so to bypass the upload-to-hidden-iframe scheme completely.
For older browser that doesn't support formData(), this PR allows fallbacking to iframe uploading scheme.
This PR is to fix the issue with iframe access lockdown by modern browers.
Even though iframe and parent html are under the same origin, browsers without enabling CORS won't be able to modified children iframe's content. Instead, you get errors like:
This PR uses ajax request with simulated form data upload via formData() so to bypass the upload-to-hidden-iframe scheme completely.
For older browser that doesn't support formData(), this PR allows fallbacking to iframe uploading scheme.