1

After reading this compendium of methods here, "Ways to circumvent the same-origin policy", it's apparent that any workaround requires modification of the target iframe code to get communications across domains.

Unfortunately, on this project I'm working on, I may only modify the parent page's code; the iframe is provided from another source and is untouchable by us. Are there any methods that don't require modifications to the iframe code?

Community
龍王_

2 Answers

1

The only solution then is to fetch the iframe content from your server, either through a proxy or through specific code, and serve it yourself so that the browser only sees one origin.

But be aware that this usually breaks the rules or contract of normal use of the site providing the iframe. If they didn't include CORS headers to allow inclusion and access, there's probably a reason.

Denys Séguret
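To make "the browser only sees one origin" concrete, here is an added example (not part of the answer above) that models the origin comparison the browser applies before a parent script may touch a frame's document. The function names, the `/frame-proxy/` prefix and every URL are assumptions, constructed for illustration.

```javascript
// Added example. All names and URLs are constructed for illustration.

// An origin is the (scheme, host, port) tuple. URL.origin serialises it and
// drops default ports; URLs without a tuple origin (e.g. data:) give "null".
function originOf(url) {
  return new URL(url).origin;
}

// Models the check behind parent-side access to frame.contentDocument:
// allowed only when both tuple origins are identical.
function canScriptFrame(parentUrl, frameUrl) {
  const p = originOf(parentUrl);
  const f = originOf(frameUrl);
  if (p === "null" || f === "null") return false; // opaque origins never match
  return p === f;
}

// The workaround from the answer: point the iframe at a path on the parent's
// own server (hypothetical prefix), which fetches the remote page server-side.
function proxiedFrameUrl(parentUrl, frameUrl, prefix = "/frame-proxy/") {
  const t = new URL(frameUrl);
  return new URL(prefix + t.host + t.pathname + t.search, originOf(parentUrl)).href;
}

const PARENT = "https://app.example.com/dashboard";
const REMOTE = "https://widgets.example.net/embed/chart?id=7";

// Constructed cases: [frame URL, expected result]
const CASES = [
  ["https://app.example.com:443/help", true],  // default port is normalised
  ["http://app.example.com/help", false],      // scheme differs
  [REMOTE, false],                             // host differs
  ["https://cdn.app.example.com/x", false],    // a subdomain is another host
  ["https://app.example.com:8443/x", false],   // port differs
  ["data:text/html,<p>hi</p>", false],         // opaque origin
];

function evaluateCases() {
  return CASES.map(([url, expected]) => ({
    url, expected, allowed: canScriptFrame(PARENT, url),
  }));
}

for (const r of evaluateCases()) console.log(r.allowed, r.url);
console.log(proxiedFrameUrl(PARENT, REMOTE));
```

Content served this way runs with the parent's origin, so any script in the proxied page gets the same access to the parent's cookies and DOM as the parent's own code. The user's cookies for the remote site are not sent, because the browser is talking to the parent's server.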
0

No, there can't be such a method; that would kill the security.

Yaroslav Yakovlev