
I have been researching the same-origin policy constraints on this forum as well as external resources. From discussions such as "Dynamicly set document.domain to iframe" and "Same-origin policy workaround using document.domain in Javascript", I understand that by using the document.domain property, we may work around the same-origin policy constraint if the parent site and the external sites belong to the same root domain.

For example, you may set the document.domain to 'example.com' if the domains of your site and sub-sites are as follows:

parent site -> main.example.com
child site A (iframe# 1) -> a.example.com
child site B (iframe# 2) -> b.example.com

I have perfectly understood the principle explained in "Same-origin policy workaround using document.domain in Javascript" and I am confident that it works. My challenge, however, is that the child sites A and B that I have in my scenario are actually some third-party products that offer a web UI. I could configure them under the same root domain as the parent site. However, given the fact that I DO NOT HAVE ACCESS TO THE SOURCE CODE of these systems, I am not sure how I can set the document.domain for my iframes to the required value.

I have so far tried the steps below, but it has not worked for me:

  • Set the src of the child iframe to some local content first so that the document loads
  • Using the script in the parent page, set the document.domain property in the iframe to the root domain (i.e. example.com)
  • Finally set the source property of the iframe to the desired child domain i.e. a.example.com

Can somebody suggest what can be done in the scenario that I have? I am sure 'integrating many third-party tools into a single portal' is not a very rare requirement.

Thanks in advance for all your valuable guidance.

Note: Let me clarify that the requirement that I am working upon is genuine and has no other intent than to implement a portal that offers access to multiple tools and systems through it. The systems at the backend are going to be installed in the same data center but will be behind the firewall. Hence those systems will not be accessible directly from the outside.

Steve
  • Ask providers of "third party UI" how it is expected to be used on some other domains. In current form the question is too broad (and some may even consider it shady - not sure how you can improve your post so it does not look like "how to create phishing site"). – Alexei Levenkov Nov 07 '15 at 04:35
  • Thanks Alexei. We have initiated discussions in that direction with the vendors. I would like to stress one more time here that my requirement is indeed genuine and legal. – Steve Nov 07 '15 at 04:51
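
The check the browser applies in the scenario above, as an added example that is not part of the original post: a simplified model of the "same origin-domain" comparison, showing that document.domain only relaxes the policy when each document's own script sets it, and that navigating the iframe creates a new document with the value reset. `ModelDocument`, `sameOriginDomain`, `scenarios` and the `blank.html` path are hypothetical names for illustration, not browser APIs.

```javascript
// Simplified model of the browser's "same origin-domain" check (not a browser API).
class ModelDocument {
  constructor(url) {
    const u = new URL(url);
    this.scheme = u.protocol;
    this.host = u.hostname;
    this.port = u.port;
    this.domain = null; // null until this document's own script sets document.domain
  }
  // Models `document.domain = value` run by a script inside this document.
  setDomain(value) {
    const isSuffix = this.host === value || this.host.endsWith("." + value);
    // Assumption: real browsers consult the public suffix list; this model
    // only rejects single-label values such as "com".
    if (!isSuffix || !value.includes(".")) throw new Error("SecurityError");
    this.domain = value;
  }
}

// True only when script in `a` may reach into `b`'s DOM.
function sameOriginDomain(a, b) {
  if (a.scheme !== b.scheme) return false;
  if (a.domain !== null && b.domain !== null) return a.domain === b.domain;
  if (a.domain === null && b.domain === null) {
    return a.host === b.host && a.port === b.port;
  }
  return false; // only one side set document.domain
}

function scenarios() {
  const parent = new ModelDocument("https://main.example.com/");
  parent.setDomain("example.com");
  // Third-party page that never sets document.domain itself.
  const vendor = new ModelDocument("https://a.example.com/");
  const oneSided = sameOriginDomain(parent, vendor);
  // Same page, if its own script opted in.
  const optedIn = new ModelDocument("https://a.example.com/");
  optedIn.setDomain("example.com");
  const bothSides = sameOriginDomain(parent, optedIn);
  // Steps from the question: set the domain on a local placeholder, then navigate.
  let frame = new ModelDocument("https://main.example.com/blank.html");
  frame.setDomain("example.com");
  const beforeNav = sameOriginDomain(parent, frame);
  frame = new ModelDocument("https://a.example.com/"); // navigation creates a new document
  const afterNav = sameOriginDomain(parent, frame);
  return { oneSided, bothSides, beforeNav, afterNav };
}

console.log(scenarios());
```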

0 Answers