4

I have an iframe on http://mysite.dev:3000, and a script on this page will set the iframe src attribute to http://mysite.dev:5000/somepage.html.

After the iframe gets loaded, I want to access its contents by using this script (on http://mysite.dev:3000):

$('iframe').load(function() {
    $('iframe').contents();
});

And I always get the error:

Uncaught SecurityError: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin.

Even though the response headers from http://mysite.dev:5000/somepage.html follow the CORS guidelines:

Accept-Ranges:bytes
access-control-allow-credentials:true
access-control-allow-headers:Authorization, X-Requested-With, Content-Type, Origin, Accept
access-control-allow-methods:GET,PUT,POST,DELETE,OPTIONS
access-control-allow-origin:*
Cache-Control:public, max-age=0

I read several questions on SO and followed them, but it still didn't work.

Khanh Tran
  • Where are you getting those header values from? Wireshark on the packet? Might be good to see the actual code sending the response. – Rhys Jul 21 '14 at 10:01
  • It is set on server: res.header('Access-Control-Allow-Origin', config.allowedDomains); res.header('Access-Control-Allow-Methods', 'GET,PUT,POST,DELETE'); res.header('Access-Control-Allow-Headers', 'Content-Type'); next(); – Khanh Tran Jul 21 '14 at 10:12

1 Answer

0

The CORS headers don't apply to iframes. You need to use the postMessage method to transfer data across different domains. See Cross domain iframe issue.

claya
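The postMessage exchange the answer points to, as an added example that is not part of the original answer: the framed page on port 5000 hands its markup to the embedding page on port 3000, and each side checks the sender's origin before acting. The two origins come from the question; the function names and the message shape (`get-content` / `content`) are assumptions made for illustration.

```javascript
// Added example. Origins are from the question; message types are assumed.
const PARENT_ORIGIN = 'http://mysite.dev:3000';
const FRAME_ORIGIN = 'http://mysite.dev:5000';

// Runs inside somepage.html (port 5000): answer requests from the parent only.
function makeFrameHandler(parentOrigin, getHtml) {
  return function onMessage(event) {
    if (event.origin !== parentOrigin) return false; // some other embedder
    if (!event.data || event.data.type !== 'get-content') return false;
    // Name the recipient origin explicitly instead of using '*'.
    event.source.postMessage({ type: 'content', html: getHtml() }, event.origin);
    return true;
  };
}

// Runs on the embedding page (port 3000): accept replies from the iframe only.
function makeParentHandler(frameOrigin, frameWindow, onContent) {
  return function onMessage(event) {
    if (event.origin !== frameOrigin) return false;  // wrong sender origin
    if (event.source !== frameWindow) return false;  // not our iframe's window
    const d = event.data;
    if (!d || d.type !== 'content' || typeof d.html !== 'string') return false;
    onContent(d.html);
    return true;
  };
}

// Browser wiring; skipped when the file is loaded outside a browser.
if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  if (window.location.origin === FRAME_ORIGIN) {
    window.addEventListener('message',
      makeFrameHandler(PARENT_ORIGIN, () => document.documentElement.outerHTML));
  } else if (window.location.origin === PARENT_ORIGIN) {
    const frame = document.querySelector('iframe');
    window.addEventListener('message',
      makeParentHandler(FRAME_ORIGIN, frame.contentWindow,
        (html) => console.log('received', html.length, 'characters')));
    // Ask for the content once the cross-origin page has finished loading.
    frame.addEventListener('load', () =>
      frame.contentWindow.postMessage({ type: 'get-content' }, FRAME_ORIGIN));
  }
}
```

The framed page has to load this script itself, so this only works when you control somepage.html; `access-control-allow-origin` plays no part in the exchange.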