>You do understand that security features are designed exactly to thwart your intended purpose, right?
>
>IOW: trust is not *supposed* to be baseless. You either have to sign on the server side (announce who you are) OR allow explicit action on the client side admitting your entry (agree to allow the code to run, either by setting/preference or user action).
>
>This isn't weird or an accident.
>
>The rule of "same origin" is sort of a shortcut that is allowed under certain circumstances, and not in all environments. For example, if I remember correctly, some versions of the Flash client allow cross-site posting from Flash script and some don't.
>
>Sometimes it's possible for your code to be seen as "same origin" if you write it slightly differently or if the two items come from two different sub-domains, although how it works is still at the discretion of the client. I can't tell whether this might be an option for you?

The same code is not doing anything for me which I have the same Mozilla Firefox version as another person. The other person was asked to sign the code and after that it worked.