Get the top-level domain of a page containing an iframe

Question

I want to allow an iframe to request new data from the server (via ajax), only if the iframe is embedded in particular pages. How can I get the top level domain within an iframe?

At first I was thinking security would be easy, on my server I can simply check the http_referrer which is a standard thing sent with every HTTP request.

But then I realized this http_referrer is actually the domain of my iframe, not the domain that contains the iframe! So if I embedded my_iframe.com in my_site.com, the http_referrer is my_iframe.com, which doesn't help me know who is embedding the page.

So now I'm pursuing this alternative.

Answer was just to do `document.referrer` from the iframe. That gives the containing window regardless of whether it's the same origin. — Don P, Apr 24 '14 at 18:19

score 1 · Accepted Answer · edited May 23 '17 at 12:28

1

You could use window.top to access the top most window and the use the normal location object, however you will run into issues regarding the same origin policy if trying to access an external domain from within your iframe, i suggest you check this community post about the same-origin policy.

window.top.location.href
window.top.location.host

edited May 23 '17 at 12:28

Community

1
1

answered Apr 24 '14 at 18:09

Kyle Needham

3,379
2
24
38

score 0 · Answer 2 · answered Apr 24 '14 at 18:12

0

try {
    alert(window.top.location.origin);
} catch(e) {
    console.log(e.message);
}

answered Apr 24 '14 at 18:12

Ryan

14,392
8
62
102

Get the top-level domain of a page containing an iframe

2 Answers2