iframe same origin policy issue

Question

I am getting following error ,when trying to read iframe content whose src is other domain

SecurityError: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "https://qa-xxx.abc.com" from accessing a frame with origin "https://yyy.abc.com". Protocols, domains, and ports must match.

Now Suppose right now i am in https://qa-xxx.abc.com doamin and my iframe code is

<iframe src="https://yyy.abc.com" style="height: 100%; width: 105%;" id="id_description_iframe"></iframe>

while searching i found this solution Access-Control-Allow-Origin not working for iframe withing the same domain

So i did like that document.domain = 'abc.com'

Still same Issue,Any Solution will be Helpfull.

If you don't control code in iframe you can't do anything inside it. do you control both? — charlietfl, Jul 05 '16 at 13:27
@charlietfl i didnt get you,what do you mean by code control of iframe — user3106347, Jul 05 '16 at 13:46
Simple... is iframe on domain that you control and you are able to put code into that page? — charlietfl, Jul 05 '16 at 13:48
yes i have access to https://qa-xxx.abc.com ,and i am only deploying my code there.. — user3106347, Jul 05 '16 at 13:50
What exactly do you need to do between the 2? I have used document.domain in the past. But postMessage API is also useful api — charlietfl, Jul 05 '16 at 13:53
if i am trying to read content of iframe its showing above error $("#id_description_iframe").contents().find("body").html() — user3106347, Jul 05 '16 at 14:07
did you put `document.domain` in both pages? ALso what exactly are you needing to do between the 2 windows? — charlietfl, Jul 05 '16 at 14:36
basically you are saying in https://yyy.abc.com and https://qa-xxx.abc.com right?yes i put it — user3106347, Jul 05 '16 at 14:40
yes ... i have done that successfully in the past. Still haven't answered what exactly you need to be able to do. Glad to help but only if you answer questions — charlietfl, Jul 05 '16 at 14:41
need to ask last thing in iframe src="yyy.abc.com/contact.html" do i need to add document.domain = 'abc.com' in contact.html also — user3106347, Jul 05 '16 at 14:51
well any page you load in iframe that you want to get inside...rules are the same. for minor issues though...using postMessage is safer — charlietfl, Jul 05 '16 at 14:57

score 0 · Answer 1 · answered Jul 05 '16 at 17:31

0

You're violating Same Origin Policy. Add: document.domain = abc.com to both of the pages. Either directly in a script tag, or in a referenced js file.

answered Jul 05 '16 at 17:31

Cooper Buckingham

2,503
2
15
23

iframe same origin policy issue

1 Answers1