3

I have this frame i cannot access,from initial inspection of the frame i noticed the frame contained a #document then i wrote a code to access the frame. 

$body = document.body;    
$body.children[3];    
$yo = $body.children[3];
$yo.children[0];    
$next = $yo.children[0];    
$next.children[3];    
$plus = $next.children[3];    
$plus.children[0];    
$star = $plus.children[0];    
$star.children[0];    
$staragain = $star.children[0];    
$staragain.children[1];    
$nextstar = $staragain.children[1];    
$nextstar.children[1];    
$afternext = $nextstar.children[1];    
$afternext.contentWindow;

The last line returns restricted,and
iframe.contentDocumentreturns null. Then i tried to access the frame document which is a #document withiframe.children[0]it returned undefined,then i left the array open but nothing happened.All codes i run on the frame returns undefined how do i access this frame #document?yoyoyo.

Tobisky
  • 47
  • 1
  • 6

1 Answers1

3

iframe.contentWindow.document but only if the origin is the same, because of Same-origin policy.

Emeeus
  • 5,072
  • 2
  • 25
  • 37
  • How do i set the origin if the origin is not the same? – Tobisky Jun 23 '18 at 21:12
  • Unfortunately or fortunately we can't set the origin. If you need to access to document of other origin, there are two ways, perform an ajax GET/POST request only if server have Access-Control-Allow-Origin: yourDomine ( or *) https://developer.mozilla.org/es/docs/Web/HTTP/Headers/Access-Control-Allow-Origin OR perform a GET/POST from server side – Emeeus Jun 23 '18 at 21:18
  • i know how to configure an XHR but i don't know how to access the Access-Control-Allow-Origin header... – Tobisky Jun 23 '18 at 21:24
  • it's a server side header, if you don't control the server or this header is not present, the only way is perform a GET/POST from server side, not a browser. If you control the server it depends of the server code, but it's really easy. – Emeeus Jun 23 '18 at 21:29
  • Example in php: header('Access-Control-Allow-Origin: *'); – Emeeus Jun 23 '18 at 21:32
  • How do i know if this header is present? – Tobisky Jun 23 '18 at 21:32
  • Enter the page with the browser (if possible) open console (usually F12) search network and reload the page. look for the resource, for example index.html and look for response headers. Example: this site https://enable-cors.org/server_php.html has Access-Control-Allow-Origin: * header – Emeeus Jun 23 '18 at 21:41
  • It's not present. – Tobisky Jun 23 '18 at 21:48
  • Can i request for it? – Tobisky Jun 23 '18 at 21:51
  • The only way is GET/POST from server side – Emeeus Jun 23 '18 at 21:51
  • I run iis,How do i do this from the server side? – Tobisky Jun 23 '18 at 21:56
  • .net ? https://stackoverflow.com/questions/27108264/c-sharp-how-to-properly-make-a-http-web-get-request – Emeeus Jun 23 '18 at 22:22
  • you have any idea how i can run those codes on iis? – Tobisky Jun 24 '18 at 22:50