9

I have an iframe that injects in pages, called him "helper". So due to same origin policy I need to set iframe domain the same is parent window domain. But I can't get access to parent window domain. How can it be solved?

This code is currently working for 2nd level domains:

pathArray = window.location.host.split('.');
var arrLength = pathArray.length;
var domainName = pathArray.slice(arrLength - 2, arrLength).join('.');
document.domain = domainName;

but I need to somehow get it from parent window rather than relying on 2nd level domain

Kobi
  • 135,331
  • 41
  • 252
  • 292
Suhan
  • 1,434
  • 2
  • 13
  • 28
  • Your iframe comes from another server? then it does not matter what you set document.domain to. It has to come from that domain – mplungjan Mar 11 '13 at 06:10
  • 2
    If the last parts of the domain is not the same, then forget it. It is used to match sales.domain.com to shopping.domain.com and not site.sales.com with site.shopping.com – mplungjan Mar 11 '13 at 06:28
  • yes it will be the same, i just dot know hot to obtain it from parent window. – Suhan Mar 11 '13 at 06:31
  • Also, you might be interested in stripping port number like this: document.domain = domainName.split(":")[0]; – Guillaume Nov 15 '13 at 16:14

4 Answers4

8

I do not know if it will help but i use this in iframe

 try {
    var domainName = window.parent.parent.iframeData.domainName;
}
//Access violation
catch (err) {
    document.domain = window.location.hostname.replace('www.', '');
}

So i check if domain already set we have exception ang try to guess domain, in either case, there is no need to set a domain

EDIT: More correctly to use post message to set domain if needed

Kobi
  • 135,331
  • 41
  • 252
  • 292
Suhan
  • 1,434
  • 2
  • 13
  • 28
6

In short, it can't. Setting document.domain only works when the iFrame and containing window are actually part of the same domain. If a browser were to let you set document.domain to something other than the domain you were actually on, it would be a security violation. Consider, any malicious script could just say 'No really, trust me on this one' and the browser would essentially be saying, 'Oh, okay, since you asked so nicely, here's all the permission you want'.

document.domain can only be set to a parent domain of the actual domain of the page. If an iFrame and a containing window don't share at least that, then no browser will allow them to cross talk.

Unless I've misunderstood your question. Feel free to post some examples to clarify.

Patrick M
  • 10,547
  • 9
  • 68
  • 101
1

Assuming you parent can be a.domain.com and your iframe is b.domain.com - then you can do what your are attempting. If you MUST know what the parent is, pass it in the iframe src attribute or try document.referrer

mplungjan
  • 169,008
  • 28
  • 173
  • 236
  • For example i have 6.weather.ch parent domain, and if i use my code i have iframe domain weather.ch, and permission denied – Suhan Mar 11 '13 at 06:35
  • Then parent code has to set HIS document.domain to "weather.ch" or ".weather.ch" (I can't remember if it is with leading dot or not) – mplungjan Mar 11 '13 at 09:15
0

add document.domain = 'your.domain' in both the pages.

like this. don't forget both parent.top

document.domain = 'corp.local'; only parent like

document.domain = 'corp'; won't work.

As I've mentioned here. javascript get iframe url's current page on subdomain

this document helped. http://javascript.info/tutorial/same-origin-security-policy

Community
  • 1
  • 1
Mashhoor Gulati
  • 127
  • 3
  • 13