I am working on an IFD CRM system with a lot of customization. We have implemented Single Sign On so that we can develop iframes and web services to extend the standard functionality of CRM. The SSO site lives on a different subdomain from the CRM site, but they share the same top level domain.
We have many cases where we need to call our web services from javascript, and have found that in order to work around cross domain security in browsers, we need to set document.domain to the top level domain before sending XMLHttpRequest.
That part works fine, but I have run into a confounding bug. After setting document.domain to the top level domain, any attempt to set the visibility of a control using the Xrm SDK's setVisibility() function fails with an Access Denied error. Other functions like setValue work fine.
And of course, once document.domain has been set to the top level domain, it's impossible to set back to the original subdomain because of browser security.
Has anyone else run into this?