-1

So I have one URL like:

https://subdomain.domain.com/popuppage

I am opening this in a popup window using:

window.open("https://subdomain.domain.com/popuppage", null, "height=600,width=800")

Now the same page is opened in a new tab after clicking on a link on a third-party website. The issue is that I want to identify whether it is being opened by me or by a third-party website. Is there any way to do it?

I have tried checking the window.opener property, but in both cases I am getting window.opener, and the browser doesn't allow me to access any property of window.opener because of CORS policies.

Hriday Modi

1 Answer

0

You can try to access the window.opener.location.href. If it works, it is the same domain (hence no third party), and if it fails, it most likely is not (hence third party).

  window.onload = function () {
    // true = opener is cross-origin (third party), false = same origin or no opener
    var _CORS = null;

    try {
      // Reading location.href of a cross-origin opener throws a SecurityError
      window.opener && window.opener.location.href;
      _CORS = false;
      //REM: Edit according to comment
      /*
      _CORS = !(
          !window.opener ||
          (window.opener.location.href && window.location.host === window.opener.location.host)
      )
      */
    }
    catch (err) {
      _CORS = true;
    }

    alert('Third party: ' + _CORS);
  };

Put this one in https://subdomain.domain.com/popuppage in the <head> or however you want to evaluate it further.

Lain
  • Yes, it works. But there is one more issue: I want to validate for the same domain; the subdomain doesn't matter. Here I am able to identify for the same origin only. Any idea? – Hriday Modi Jul 11 '18 at 10:18
  • @Hriday Modi: Isn't that the same unless you explicitly allow CO? Anyway, you may always add a `window.location.host === window.opener.location.host` to the evaluation. – Lain Jul 11 '18 at 11:16
  • No, the hosts are different but the domains are the same. So say `subdomain1.domain.com` opens the popup of url `subdomain2.domain.com`. Here I also get an exception because it only allows the same host to access properties of the parent window. – Hriday Modi Jul 11 '18 at 11:22
  • @Hriday Modi: So you want to allow CO on same domain but with different subdomains, right? – Lain Jul 11 '18 at 11:27
  • Yes, subdomain1 should be able to access parent window of same domain. – Hriday Modi Jul 11 '18 at 11:29
  • @Hriday Modi: I don't think that is something you can influence in JavaScript. If at all, it sounds more like a server setting. https://stackoverflow.com/questions/14003332/access-control-allow-origin-wildcard-subdomains-ports-and-protocols – Lain Jul 11 '18 at 11:33
  • Cool, but your solution solves the problem for different hosts. Thanks! – Hriday Modi Jul 11 '18 at 11:47
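For the subdomain case raised in the comments, here is an added example that is not part of the original thread and goes beyond the answer: a `postMessage` handshake in which the popup classifies its opener by the browser-supplied `event.origin` instead of reading `window.opener` properties. The base domain `domain.com`, the message strings and the function names are assumptions made for illustration.

```javascript
// Added example; message strings and function names are made up for illustration.
const TRUSTED_BASE_DOMAIN = "domain.com"; // assumption: the site's own base domain

// True only for https origins on the base domain or one of its subdomains.
function isTrustedOrigin(origin, baseDomain = TRUSTED_BASE_DOMAIN) {
  let url;
  try {
    url = new URL(origin);
  } catch (err) {
    return false; // opaque origins arrive as the string "null" and do not parse
  }
  if (url.protocol !== "https:") return false;
  const host = url.hostname.toLowerCase();
  // The leading dot keeps "evildomain.com" from matching "domain.com".
  return host === baseDomain || host.endsWith("." + baseDomain);
}

// Opener side (your own pages): answer pings, but only to trusted popups.
function answerPopupPings(win) {
  win.addEventListener("message", (event) => {
    if (event.data === "popup-ready" && isTrustedOrigin(event.origin)) {
      event.source.postMessage("opener-hello", event.origin);
    }
  });
}

// Popup side: ping the opener and classify it by the origin of its reply.
// event.origin is set by the browser, so the sending page cannot forge it.
function identifyOpener(win, timeoutMs = 2000) {
  return new Promise((resolve) => {
    if (!win.opener) return resolve("no-opener");
    const finish = (verdict) => {
      clearTimeout(timer);
      win.removeEventListener("message", onMessage);
      resolve(verdict);
    };
    function onMessage(event) {
      if (event.source !== win.opener || event.data !== "opener-hello") return;
      finish(isTrustedOrigin(event.origin) ? "first-party" : "third-party");
    }
    // No reply in time means the opener does not run answerPopupPings.
    const timer = setTimeout(() => finish("third-party"), timeoutMs);
    win.addEventListener("message", onMessage);
    // The ping carries no data, so a "*" target origin discloses nothing.
    win.opener.postMessage("popup-ready", "*");
  });
}
```

Call `answerPopupPings(window)` on the pages that open the popup and `identifyOpener(window).then(...)` in the popup page; a link opened with `rel="noopener"` reports `"no-opener"`.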