Is it possible to access the source of a sub-domain page I control?
For example: www.example.com/test.html runs javascript that calls up login.example.com and returns the source of login.example.html
Asked
Active
Viewed 167 times
0
-
Possibly relevant: http://stackoverflow.com/questions/648899/a-question-about-cross-domain-subdomain-ajax-request – Christophe Biocca Jan 26 '13 at 03:21
2 Answers
1
This is where it gets fun using document.domain.
example.com/test.html page's html
<script>document.domain = "example.com";</script>
<iframe src="subdomain.example.com/domain.html" style="display:none"></iframe>
<script>
/* make ajax calls or access iframe of the subdomain*/
</script>
HTML for subdomain.example.com/domain.html [page in iframe]
<html>
<head>
</head>
<body>
<script>document.domain = "example.com";</script>
</body>
</html>
epascarello
- 204,599
- 20
- 195
- 236
0
Out of the box, no, it's a security feature on browsers to prevent websites from overusing frames and ajax: it's called the Same Origin Policy
But if you own or manage both domains, you can allow them to share resources by using the HTTP headers: Origin & Access-Control-Allow-Origin, or by using the document.domain property in Javascript.
Nabil Kadimi
- 10,078
- 2
- 51
- 58