I thought cross-subdomain AJAX requests were allowed

Published 2019-01-17 21:30

Question:

I know that cross-domain requests are disallowed for security reasons, but I was under the impression that only the top-level domain needed to match, that different sub-domains were okay. However, I am getting this error from Chrome 7:

"Unsafe JavaScript attempt to access frame with URL http://foo.somedomain.com/dir/page.html from frame with URL http://bar.somedomain.com/otherdir/otherpage.html. Domains, protocols and ports must match"

What exactly are the rules for these types of requests?

Answer 1:

In short, the rules of the same origin policy are:

  • same host
  • same port
  • same protocol

In your example you are violating the host rule, as a different subdomain could point to a different host/IP than another, even if the second-level domain is the same.

If you have no other possibility, you could try to use JSONP in your AJAX request; this doesn't have an SOP.
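The three rules above can be checked mechanically: a browser reduces each URL to the tuple (scheme, host, port) and compares the tuples, ignoring path, query and fragment. The following is an added example, not code from the answer or from any browser; it reproduces that comparison in Node.js (using the built-in `URL` class) and reports which component differs, with the two URLs from the question's error message as the first input. The default-port table (`DEFAULT_PORTS`) and the function names are assumptions of this example.

```javascript
// Added example (not from the original post): compare two URLs the way the
// same-origin policy does, i.e. by the (scheme, host, port) tuple.
// Default ports are filled in so "http://a.com" and "http://a.com:80" compare equal.

const DEFAULT_PORTS = { "http:": "80", "https:": "443", "ws:": "80", "wss:": "443" };

// Reduce a URL string to its origin tuple. Path, query and fragment are
// deliberately ignored: they play no part in the origin check.
function originTuple(urlString) {
  const u = new URL(urlString);
  return {
    protocol: u.protocol,                        // e.g. "http:"
    host: u.hostname.toLowerCase(),              // e.g. "foo.somedomain.com"
    port: u.port || DEFAULT_PORTS[u.protocol] || "", // "" means a default was stripped
  };
}

// Returns { same: boolean, mismatches: [...] } naming the components that differ.
function compareOrigins(urlA, urlB) {
  const a = originTuple(urlA);
  const b = originTuple(urlB);
  const mismatches = ["protocol", "host", "port"].filter((k) => a[k] !== b[k]);
  return { same: mismatches.length === 0, mismatches };
}

// Human-readable verdict in the spirit of the browser's error message.
function explain(urlA, urlB) {
  const r = compareOrigins(urlA, urlB);
  if (r.same) return `${urlA} and ${urlB} are same-origin`;
  return `${urlA} and ${urlB} differ in: ${r.mismatches.join(", ")}`;
}

// The two URLs quoted in the question: same second-level domain, different host.
console.log(explain("http://foo.somedomain.com/dir/page.html",
                    "http://bar.somedomain.com/otherdir/otherpage.html"));
// Same host, but the scheme and the port both differ (constructed input).
console.log(explain("http://app.example.com/", "https://app.example.com:8443/"));
// Explicit default port and a different path: still the same origin.
console.log(explain("http://app.example.com/a", "http://app.example.com:80/b?x=1#f"));
```

The `mismatches` list for the question's pair contains only `host`, which is exactly the rule the first answer says is being violated: `foo.somedomain.com` and `bar.somedomain.com` share a second-level domain but are different hosts.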


Answer 2:

No, cross-subdomain requests are not allowed in any browser. But there are some ways, like CORS, using iframes, or setting document.domain, to make it work (although with some limitations).
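Of the options the second answer lists, CORS is the one that is decided on the server, so it is the one that can be shown outside a browser. The following is an added example, not code from the answer: a Node.js sketch of how a server should answer a cross-origin request whose `Origin` header names another subdomain. The browser compares the `Access-Control-Allow-Origin` value it gets back against the exact origin it sent, so the server must match against an explicit allowlist; the "reflect anything" variant is included only to show the weak setting beside the hardened one. `ALLOWED_ORIGINS`, the allowed-methods list and all function names are assumptions of this example.

```javascript
// Added example (not from the original post): a server-side CORS decision.
// Origins are compared as exact "scheme://host[:port]" strings, which is the
// form the browser puts in the Origin header, so each subdomain that should be
// allowed has to be listed explicitly.

// Hypothetical allowlist for this example (constructed values).
const ALLOWED_ORIGINS = new Set([
  "https://foo.somedomain.com",
  "https://bar.somedomain.com",
]);

// Weak variant: reflects whatever Origin arrives and allows credentials too.
// Any site the user visits can then read authenticated responses from this API.
function corsHeadersReflectAnything(requestOrigin) {
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened variant: only an exact allowlist match is granted; everything else
// gets no CORS headers at all, so the browser keeps enforcing the SOP.
function corsHeaders(requestOrigin, allowlist = ALLOWED_ORIGINS) {
  if (typeof requestOrigin !== "string" || !allowlist.has(requestOrigin)) {
    return null; // not granted
  }
  return {
    "Access-Control-Allow-Origin": requestOrigin, // echo only the matched value
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin", // shared caches must key on Origin when the answer varies per origin
  };
}

// Preflight (OPTIONS) handling: the origin must be granted AND the requested
// method must be one the endpoint actually supports.
function preflightResponse(requestOrigin, requestedMethod, allowedMethods = ["GET", "POST"]) {
  const grant = corsHeaders(requestOrigin);
  const method = String(requestedMethod || "").toUpperCase();
  if (!grant || !allowedMethods.includes(method)) {
    return { status: 403, headers: {} };
  }
  return {
    status: 204,
    headers: {
      ...grant,
      "Access-Control-Allow-Methods": allowedMethods.join(", "),
      "Access-Control-Max-Age": "600", // cache the preflight result for 10 minutes
    },
  };
}

// A request from the other subdomain is granted; an unrelated site is not.
console.log(corsHeaders("https://foo.somedomain.com"));
console.log(corsHeaders("https://evil.example"));          // null
console.log(corsHeaders("http://foo.somedomain.com"));     // null: scheme is part of the origin
console.log(preflightResponse("https://bar.somedomain.com", "DELETE").status); // 403
```

Note that `https://foo.somedomain.com.evil.example` also gets `null`: because the check is an exact-string set lookup rather than a prefix or regular-expression match, a lookalike host cannot slip through. The `Vary: Origin` header matters once more than one origin is allowed, otherwise a cache may serve one origin's grant to another.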