28

Here's the situation: there is a site, and it belongs to the client, so it's not on my domain, lets say client.com.

On this site there is an iframe, the source of this iframe is a simple js code, which loads another js (client.js) - this code is on my domain.

What I need to do is to get the exact url of the page where the iframe is. So now I'm trying to fugure out the difference between document.referrer and window.parent.location.href with no luck.

Both give me exactly what I need, but I can't realize what is more reliable? Is there a situation, where one will work and another won't?

k102
  • 7,861
  • 7
  • 49
  • 69

3 Answers3

41

document.referrer gives you the URI of the page that linked to the current page. This is a value that's available for all pages, not just frames.

window.parent gives you the parent frame, and its location is its URI.

If you want to find the URI of the parent frame, then use window.parent.location.

deceze
  • 510,633
  • 85
  • 743
  • 889
  • May `window.parent.location` work incorrectly somehow? And can different domains be a problem? – k102 May 07 '13 at 07:55
  • Not sure I can give an authoritative answer, but if there is no parent frame or your script does not have the correct cross-site permissions to access it it will fail. There's probably a way better solution than sniffing parent frame URIs for all this though, but it's impossible to say without more details. – deceze May 07 '13 at 07:57
  • What details do you need? :) I never experienced any error in this approach, but I want to be sure about it... – k102 May 07 '13 at 08:05
  • Neither `document.referrer` nor `window.parent.location` will work on cross-origin requests. – Alejandro García Iglesias Feb 21 '17 at 17:15
  • document. referer is not working in internet explorer...how to solve this – Soumya Gangamwar May 13 '20 at 16:58
13

The main difference is that the document.referrer will point to the page which linked to the current page inside the iframe. If your iframe content contain links, which allows to navigate through a few pages, then only the first page loaded inside the iframe will have parent frame URI as document.referrer. Each page loaded by clicking link inside the iframe will have the uri of the page containing link in the document.referrer.

At the same time window.parent.location will always contain the URI of the page in parent window, but it will be accessible only if the site origin is the same. Read about relaxing site origin policy to see what should be done on both your and your client sites, so you can access the data.

That being said, I would rather give your client something like a service key or token, which will authorize his site to use your iframed app, and which will authenticate the caller as your client, so you can know that the call is from his site.

Paolo Moretti
  • 54,162
  • 23
  • 101
  • 92
SWilk
  • 3,261
  • 8
  • 30
  • 51
  • Iframe has no content - it's used just to call code loader. Ordinary our clients use this loader directly (just insert `` in the page) but sometimes iframe is the only way – k102 May 07 '13 at 08:19
  • I see. I have assumed that this is some sort of app that one can embed on his page. – SWilk May 07 '13 at 09:32
  • @SWilk: I have links navigation inside my iframe and I am getting URI of iframe application instead of application which contain Iframe, can you please advise how can I get URI of iframe hosted application inside the pages where I am navigating inside the Iframe. – Guarav T. Aug 27 '19 at 15:17
  • @ChupChapCharli: I do not fully understand your problem from this description. Consider posting a question with code examples. Maybe then someone will be able to help – SWilk Aug 29 '19 at 14:29
0

"document.location.ancestorOrigins" is more feasible option.

Pankaj Patel
  • 11
  • 3