I'm the engineer who designed the current infrastructure for Cross-Domain Messaging in the Facebook JS SDK, so maybe I can shed some light on things here.

我是为 Facebook JS SDK 中的跨域消息传递设计当前基础架构的工程师，所以也许我可以在这里解释一些事情。

This setup might seem a bit unorthodox and confusing to some, but it's really quite elegant, if I might say so myself :)

这个设置对某些人来说可能看起来有点不正统和令人困惑，但它确实非常优雅，如果我自己可以这么说:)

Depending on whether the page is HTTP or HTTPS, the JS SDK will create two iframes, pointing to the xd_arbiter.php resource, which is served from a *.facebook.com domain. Since it sets document.domain = 'facebook.com', these can communicate with other resources on facebook.com that does the same.

根据页面是 HTTP 还是 HTTPS，JS SDK 将创建两个 iframe，指向 xd_arbiter.php 资源，该资源由 *.facebook.com 域提供。由于它设置了document.domain = 'facebook.com'，这些可以与 facebook.com 上的其他资源进行相同的通信。

These resources, the proxies, gets passes some information through the fragment, to give them dynamic capabilities, but are otherwise 100% static and cached by your browser - so these are really fast to load.

这些资源，即代理，通过片段传递一些信息，为它们提供动态功能，但在其他方面是 100% 静态的并由浏览器缓存 - 因此它们加载速度非常快。

What happens next is that a Cross-Domain Messaging link is established between the host page, and each of the iframes (the proxies). This means that from now on, the host page can communicate to a HTTPS page on facebook.com, and if the host page is HTTP, it can also communicate with a HTTP page on facebook.com.

接下来发生的是在主机页面和每个 iframe（代理）之间建立跨域消息传递链接。这意味着从现在开始，主机页面可以与 facebook.com 上的 HTTPS 页面通信，如果主机页面是 HTTP，它也可以与 facebook.com 上的 HTTP 页面通信。

How this link works across browsers is a more complex matter, but it's all abstracted into a channel, much like you can see with easyXDM.

这个链接如何跨浏览器工作是一个更复杂的问题，但它都被抽象成一个通道，就像你在easyXDM 中看到的一样。

Now, whenever the JS SDK creates a new window on facebook.com, either as a popup, or as an iframe, instead of having to set up a fresh communication channel between the host page and each window, the new windows can utilize the existing proxy, paying no cost in setup.

现在，每当 JS SDK 在 facebook.com 上创建一个新窗口时，无论是作为弹出窗口还是作为 iframe，都不必在主机页面和每个窗口之间设置新的通信通道，新窗口可以利用现有的代理，无需支付设置费用。

When needing to send messages to the host page, these will use (window.opener || window.parent).frames['fb_xdm_frame_' + location.protocol.replace(':', '')to get a handle to the proxy, and similarly, the proxy can use parent.frames[some_name]to get a handle to any sibling iframes on the page, as long as the right proxy (HTTP or HTTPS) was used.

当需要向主机页面发送消息时，这些将用于(window.opener || window.parent).frames['fb_xdm_frame_' + location.protocol.replace(':', '')获取代理的句柄，类似地，代理可以用于parent.frames[some_name]获取页面上任何兄弟 iframe 的句柄，只要正确的代理（HTTP 或 HTTPS ) 被使用。

For us, this basically means that the concern about how to communicate cross-domain is isolated to the JS SDK and its resources - any services we build on top of this can rely on a very simple api of send_this_message(message, origin)and it will 'magically' end up on the other end, if allowed by the origin checks we have in place.

对我们来说，这基本上意味着对如何跨域通信的关注与 JS SDK 及其资源隔离 - 我们在此基础上构建的任何服务都可以依赖于一个非常简单的 apisend_this_message(message, origin)并且它会“神奇地”结束另一方面，如果我们的原点检查允许的话。

I hope this answers your question!

我希望这回答了你的问题！

(xd_arbiter.php can also serve as a redirect target, where it will use it's sibling proxies to relay the message).

（xd_arbiter.php 也可以用作重定向目标，它将使用它的兄弟代理来中继消息）。

I think the concept can be simple based on if you're ie8+ in your code.

我认为这个概念可以很简单，如果你在你的代码中使用 ie8+。

CORS can be used to communicate cross domain. Make sure the right headers are set at your host and you're good.

CORS 可用于跨域通信。确保在您的主机上设置了正确的标题并且您很好。

Or, create an iframe, set its src as something that passes information to a dynamic script. Process the information. Return JS code to the iframe that uses postMessage to communicate with the outside window.

或者，创建一个 iframe，将其 src 设置为将信息传递给动态脚本的内容。处理信息。将 JS 代码返回给使用 postMessage 与外部窗口通信的 iframe。