1

I am adding access to the website of the hr department of my company to our divisions website using an iframe. Everything works except if the user is not already logged in the javascript password application does not run. I've read that this is due to the Same Origin policy but have not been able to find a successful way of dealing with it. Is there some snippet of code I can add to the iframe to prevent it from blocking the other sites javascript?

WyldStallyns
  • 201
  • 1
  • 5
  • 19

3 Answers3

2

Both pages must share the same document.domain to script in to each other.

https://developer.mozilla.org/en/document.domain

https://developer.mozilla.org/en/Same_origin_policy_for_JavaScript

If your parent page is under the domain "myArea.myCompany.net" and the HR page in your iframe is under "theirArea.myCompany.net", you can set both document.domains to "myCompany.net" and they would then be able to script in to each other.

jbabey
  • 45,965
  • 12
  • 71
  • 94
1

The same origin policy means that can not access a frame from another domain. Be that an iframe, or the frame above you or anywhere else in the window.

The aim is to protect the user. Any site could add an iframe that loads www.facebook.com and if you're logged in extract your realname and your friends etc. just by reading the HTML. The same origin policy is there to prevent this.

There is no way around it (and if there is, it's a bug). The only solution is to avoid the problem by having both of the pages hosted on the same domain.

Halcyon
  • 57,230
  • 10
  • 89
  • 128
0

Do you have to use and IFRAME? Why cant you simply link to the HR site from the Division website or display it within a popped-up window.

There's no snippet of code that will turn of the same origin policy, but maybe CORS (http://en.wikipedia.org/wiki/Cross-origin_resource_sharing) can help you.

Cheers

Neil
  • 2,688
  • 1
  • 23
  • 32