0

I am creating a webapp interacting with two hosts, both under my management. The main UI is served by one host one.xyz.com, the UI has an iframe which points to another host (two.xyz.com). The main UI needs to retrieve the web content from the iframe and do some processing. But because they (the main UI and the iframe) point to different hosts, cross-domain security protection prevents me from getting the content by using the following code snippet

let iframe = document.querySelector('#dataIFrame');
let content = iframe.contentDocument.children[0].innerHTML

Wonder if there is anything I can do to two.xyz.com and so that its response has some special headers that says, for javascript from one.xyz.com can retrieve the content from iframe pointing to two.xyz.com?

Update1 Forgot to mention that iframe content has HTML/CSS/images, but no javascript.

pktCoder
  • 1,105
  • 2
  • 15
  • 32
  • Do you have access to both source-codes on the hosting? – Alex Jun 29 '18 at 16:05
  • @Alex — See the last 4 words of the first sentence of the question. – Quentin Jun 29 '18 at 16:06
  • @Quentin aren't you a nice person :) Thanks – Alex Jun 29 '18 at 16:06
  • @Quentin I checked the related questions but they don't address the problem I need. Maybe I overlooked. Could you share the link to the SO question that you think is the same to this one? Thanks in advance! – pktCoder Jun 29 '18 at 16:13
  • @pktCoder Look in the big yellow box directly under the question title. – Quentin Jun 29 '18 at 16:15
  • I see it now. Thanks. I have always tend to overseeing things right under my nose :-( – pktCoder Jun 29 '18 at 16:16
  • @Quentin I updated my question by adding one of the key things: no javascript in iframe in my case. Could you remove the "duplicate" label on this question? Thanks! – pktCoder Jun 29 '18 at 16:19
  • @pktCoder — It is still a duplicate. You have simply ruled out the only solution. (Assuming you mean that you cannot add JS to it). – Quentin Jun 29 '18 at 16:33
  • @Quentin I feel someone smart could figure out a solution involving configuring the second host so its response header says something like "I trust first host". Thanks! – pktCoder Jun 29 '18 at 16:37
  • @pktCoder — While you may feel that the answers on the duplicate question do not cover all the options, this is an instance where you would be wrong to trust your feelings. (You could offer a bounty on the duplicate to attract more answers if you really wanted to though). – Quentin Jun 29 '18 at 16:39

0 Answers0