Same-origin policy error

Question

I'd like to learn about Same-origin policy. There is a site talking about it. But there have to be sth. wrong with the first example because i got an error Illegal document.domain value

Here is the problematic code:

The parent site located at http://www.qnimate.com/parent.html:

<iframe src="http://www.blog.qnimate.com/child.html" id="myIFrame"></iframe>
<script>
window.document.domain = "www.qnimate.com";//you also need to set the parent's document.domain variable
window.document.getElementById("myIFrame").contentWindow.document.body.style.backgroundColor = "red";//this access is allowed by default
</script>

and iframe located at http://www.blog.qnimate.com/child.html:

<script>
window.document.domain = "www.qnimate.com"; //if we remove this line then the below line will not work and throw a same origin policy exception.
window.parent.document.body.style.backgroundColor = "blue";
</script>

score 0 · Answer 1 · answered Oct 20 '17 at 18:04

0

You can only set document.domain to a superdomain of the current domain. You can remove components from the left-hand end.

The current domain is www.blog.qnimate.com so it can be set to blog.qnimate.com or qnimate.com.

You can't remove components in the middle, so you can't have www.qnimate.com.

To communicate across different origins through an iframe, use postMessage as described in this question.

answered Oct 20 '17 at 18:04

Quentin

914,110
126
1,211
1,335

@Mulligun81 — Yes. The example code that you observed throws an error is not correct. – Quentin Oct 22 '17 at 09:02

Same-origin policy error

1 Answers1