I'm iframing an external site. That site tries to call location from parent for analytics reasons and access is refused (for obvious default security reasons) . Yet I would like to disable that security and answer, because that site is a 'friend' but not on the same domain. Seems impossible to grant that access... any idea ?

I ran into a similar situation before. Allowing for cross domain javascript access through iframes is not possible since this would result in a cross-scripting-attack nightmare. Like the other poster said, you will have to post this data to them yourself. One way to fix this is to set a cookie that can be read by the other domain with whatever information they are looking for then they can read the data from the cookie. Javascript can set to the cookie when you load the other site in the iframe. For a function to do that, check http://phpjs.org/functions/setcookie:509

If the site is a 'friend' as you say - how about passing them the location data yourself?