Stack Overflow
Stack Overflow

"Access is denied" JavaScript error when trying to access the document object of a programmatically-created – Bungle Dec 11 '09 at 18:29

  • 1
    Here's a test page illustrating my previous comment: http://troy.onespot.com/static/access_denied_test.html – Bungle Dec 11 '09 at 18:29
  • 1
    Oh great! That's much better! Interesting that doing it directly should work... normally, a javascript: URL would be executed in the context of its parent, but that seems not to be the case with iframe src. You can probably also lose the `void()` call, since the function already returns `undefined`. – bobince Dec 11 '09 at 19:03
  • 1
    Incidentally you get an error reloading the page in IE with this, as IE tries to retain the iframe location... argh. Dunno if there's a way around that. – bobince Dec 11 '09 at 19:05
  • 1
    @bobince: Oh man, you're right. Thanks for pointing that out; I was so excited that it worked the first time that I didn't bother to reload. What do you mean by IE trying to retain the – Bungle Dec 12 '09 at 04:37
  • @bobince - any improvement to this? see question here: http://stackoverflow.com/questions/14879192/jquery-iframe-access-denied-in-ie-on-some-pages – Jason Feb 24 '13 at 21:10
  • A solution may be to insert a different ID in the iframe's src attribute everytime you load the frame, for example `new Date().getTime()`. Horrible but that seems to work. – Jean May 14 '15 at 14:14
    • 18

    Well yes, the access exception is due to the fact that document.domain must match in your parent and your iframe, and before they do, you won't be able to programmatically set the document.domain property of your iframe.

    I think your best option here is to point the page to a template of your own:

    iframe.src = '/myiframe.htm#' + document.domain;

    And in myiframe.htm:

    document.domain = location.hash.substring(1);
    David Hedlund
    • 128,221
    • 31
    • 203
    • 222
    • 3
      Thanks, David - I appreciate what appears to be a solid suggestion, but I'd rather not take this approach unless it's a last resort. If I understand correctly, the template would need to live on the same domain as the parent page (is that right?), and that would complicate implementation for our customers. Ideally the implementation should be as simple as inserting a few lines of JavaScript in their pages' HTML. – Bungle Dec 11 '09 at 08:34
    • 1
      Yes, the solution does require another file on that very domain. I'm afraid that's the best I can come up with, though. – David Hedlund Dec 11 '09 at 08:43
    • 1
      @Bungle: I think it's your only option. – Tim Down Dec 11 '09 at 09:15
    3

    well i actually have a very similar problem, but with a twist... say the top level site is a.foo.com - now i set document domain to a.foo.com

    then in the iframe that i create / own,i also set it too a.foo.com

    note that i cant set them too foo.com b/c there is another iframe in the page pointed to b.a.foo.com (which again uses a.foo.com but i cant change the script code there)

    youll note that im essentially setting document.domain to what it already would be anyway...but i have to do that to access the other iframe i mentioned from b.a.foo.com

    inside my frame, after i set the domain, eventhough all iframes have the same setting, i still get an error when reaching up into the parent in IE 6/7

    there are other things that r really bizaree

    in the outside / top level, if i wait for its onload event, and set a timer, eventually i can reach down into the frame i need to access....but i can never reach from bottom up... and i really need to be able to

    also if i set everything to be foo.com (which as i said i cannot do) IT WORKS! but for some reason, when using the same value as location.host....it doesnt and its freaking killing me.....

    Sean
    • 31
    • 1
    2

    I just use <iframe src="about:blank" ...></iframe> and it works fine.

    jlcooke
    • 51
    • 2
    2

    for IE, the port matters. In between domains, it should be same port.

    Jackie
    • 25,199
    • 6
    • 33
    • 24
    1

    Have you tried jQuery.contents() ?

    Deniss Kozlovs
    • 4,761
    • 2
    • 28
    • 35
    • 1
      Deniss, good suggestion, and thank you - I gave this a shot (see ) but got a similar error; this time it's "Permission denied" within the jQuery script. I suspect it's the same or a similar roadblock. – Bungle Dec 11 '09 at 08:38
    • 1
      Sorry, that URL got mangled. Try: http://troy.onespot.com/static/access_denied_jquery.html – Bungle Dec 11 '09 at 08:39
    • 4
      Why would jQuery have magical access to the iframe's document? – Tim Down Dec 11 '09 at 09:17
    • 9
      @Tim Down: I don't think the assumption was that jQuery would have magical access; rather, jQuery often has some nifty tricks up its sleeve to solve cross-browser issues, and might have already implemented a workaround. I agree it didn't bode well, but I think it was a good suggestions and worth a shot. – Bungle Dec 11 '09 at 10:14
    • This really isn't an answer. It's only a suggestion and would probably be better as a comment on the original post. – Neil Monroe Sep 08 '16 at 19:19
    1

    It seems that the problem with IE comes when you try and access the iframe via the document.frames object - if you store a reference to the created iframe in a variable then you can access the injected iframe via the variable (my_iframe in the code below).

    I've gotten this to work in IE6/7/8

    var my_iframe;
var iframeId = "my_iframe_name"
if (navigator.userAgent.indexOf('MSIE') !== -1) {
  // IE wants the name attribute of the iframe set
  my_iframe = document.createElement('<iframe name="' + iframeId + '">');
} else {
  my_iframe = document.createElement('iframe');
}

iframe.setAttribute("src", "javascript:void(0);");
iframe.setAttribute("scrolling", "no");
iframe.setAttribute("frameBorder", "0");
iframe.setAttribute("name", iframeId);

var is = iframe.style;
is.border = is.width = is.height = "0px";

if (document.body) {
  document.body.appendChild(my_iframe);
} else {
  document.appendChild(my_iframe);
}
    Bill the Lizard
    • 398,270
    • 210
    • 566
    • 880
    user299340
    • 19
    • 1
    1

    I had a similar issue and my solution was this code snippet (tested in IE8/9, Chrome and Firefox)

    var iframe = document.createElement('iframe');
document.body.appendChild(iframe);

iframe.src = 'javascript:void((function(){var script = document.createElement(\'script\');' +
  'script.innerHTML = "(function() {' +
  'document.open();document.domain=\'' + document.domain +
  '\';document.close();})();";' +
  'document.write("<head>" + script.outerHTML + "</head><body></body>");})())';

iframe.contentWindow.document.write('<div>foo</div>');

    I've tried several methods but this one appeared to be the best. You can find some explanations in my blog post here.

    Zoltan Kochan
    • 5,180
    • 29
    • 38
    1

    Following the exceedingly simple method from Andralor here fixed the issue for me: https://github.com/fancyapps/fancyBox/issues/766

    Essentially, call the iframe again onUpdate:

    $('a.js-fancybox-iframe').fancybox({
    type: 'iframe',
    scrolling : 'visible',
    autoHeight: true,
    onUpdate: function(){
     $("iframe.fancybox-iframe");
   }
 });
    Tim Denison
    • 171
    • 1
    • 2
    • 13
    0

    Setting the document.domain property in the parent page isn't enough. Both the parent and child must use the same https/http protocol. Also, the port must be the same (as mentioned here in another answer).

    So, for example if you navigate to

    http://subdomain1.yoursite.com/parent.htm

    and the child iframe is loaded from

    httpS://subdomain2.yoursite.com/child.htm

    then access will be denied from child to parent.

    Tom McDonald
    • 1,532
    • 2
    • 18
    • 37
    -2

    IE works with iframe like all the other browsers (at least for main functions). You just have to keep a set of rules:

    • before you load any javascript in the iframe (that part of js which needs to know about the iframe parent), ensure that the parent has document.domain changed.

    • when all iframe resources are loaded, change document.domain to be the same as the one defined in parent. (You need to do this later because setting domain will cause the iframe resource's request to fail)

    • now you can make a reference for parent window: var winn = window.parent

    • now you can make a reference to parent HTML, in order to manipulate it: var parentContent = $('html', winn.document)
    • at this point you should have access to IE parent window/document and you can change it as you wont
    Ionut Tocila
    • 5
    • 2
    -10

    For me I found the better answer was to check the file permissons that access is being denied to.

    I just update to jQuery-1.8.0.js and was getting the Access Denied error in IE9.

    From Windows Explorer

    • I right clicked on the file selected the Properties
    • Selected the Security Tab
    • Clicked the Advanced Button
    • Selected the Owner Tab
    • Clicked on Edit Button
    • Selected Administrators(MachineName\Administrators)
    • Clicked Apply
    • Closed all the windows.

    Tested the site. No more issue.

    I had to do the same for the the jQuery-UI script I had just updated as well

    Hooded
    • 7
    • 1