2

I have a sandboxed iframe defined like so:

```html
<iframe sandbox="allow-same-origin allow-scripts allow-popups allow-forms allow-modals" src="...">
</iframe>
```

When I set document.domain inside the iframe, I get the following error:

```
Uncaught DOMException: Failed to set the 'domain' property on 'Document': Assignment is forbidden for sandboxed iframes.
```

How can I allow document.domain to be set within the iframe?

Ben Davis
  • This maybe could help: https://stackoverflow.com/questions/7796767/is-it-possible-to-alter-one-frame-from-another-using-javascript – farvilain Nov 05 '20 at 01:43
  • 3
    don't `sandbox` the iframe ... that's the ONLY way. [document](https://developer.mozilla.org/en-US/docs/Web/API/Document/domain#Failures) states that setting document.domain inside a sandboxed iframe will fail - no if's, it just fails - therefore you can't have your cake (sandbox) and eat it (set document.domain) too :p – Jaromanda X Nov 05 '20 at 01:44
  • 1
    Note that since [you are willing to set this document.domain to allow access between the two contexts](https://stackoverflow.com/questions/64689766/allow-cross-domain-access-to-window-object-to-parent-iframe-w-o-postmessage), the sandbox is completely useless: the iframe could remove its own sandbox attributes. So, as has been said in the previous comment, don't set the sandbox at all if it's really the way you want to go. But in your position, I would reconsider the "why I can't use postMessage". Filtering the few non-clonable values isn't that hard. – Kaiido Nov 05 '20 at 04:51
  • That makes sense. Thanks! – Ben Davis Nov 05 '20 at 16:35

1 Answer

0

(answering my own question thanks to comments)

Since you are willing to set the document.domain to allow access between the two contexts, that defeats the purpose of the sandbox altogether. So, there is no point in sandboxing the iframe in the first place.

Ben Davis
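Kaiido's comment above names postMessage, with the non-clonable values filtered out, as the alternative to relaxing `document.domain`. A sketch of that approach as an added example (not code from the question, the answer or the comments); the function names and the origin `https://widgets.example.com` are assumptions, and the filter is deliberately narrow: it keeps only primitives, Dates, arrays and plain objects.

```javascript
// Added example. Internal marker for values this filter refuses to send.
const DROP = Symbol('drop');

// Return a copy of `value` that postMessage's structured clone will accept.
function toCloneable(value, seen = new WeakMap()) {
  const t = typeof value;
  if (t === 'function' || t === 'symbol') return DROP;  // never cloneable
  if (value === null || t !== 'object') return value;   // other primitives pass
  if (seen.has(value)) return seen.get(value);          // cycles are cloneable: keep them
  if (value instanceof Date) return new Date(value.getTime());
  if (Array.isArray(value)) {
    const out = [];
    seen.set(value, out);
    for (const item of value) {
      const c = toCloneable(item, seen);
      out.push(c === DROP ? null : c);                  // keep indices stable
    }
    return out;
  }
  const proto = Object.getPrototypeOf(value);
  // Anything that is not a plain object (DOM nodes, windows, class instances) is dropped.
  if (proto !== Object.prototype && proto !== null) return DROP;
  const out = {};
  seen.set(value, out);
  for (const [key, v] of Object.entries(value)) {
    const c = toCloneable(v, seen);
    if (c !== DROP) out[key] = c;
  }
  return out;
}

// Send a filtered message to one specific window and one specific origin.
function sendFiltered(targetWindow, targetOrigin, message) {
  const payload = toCloneable(message);
  if (payload === DROP) throw new TypeError('message is not cloneable');
  targetWindow.postMessage(payload, targetOrigin);
  return payload;
}

// Build a 'message' listener that accepts data only from the expected
// origin and the expected window (for example iframe.contentWindow).
function makeReceiver(expectedOrigin, expectedSource, onMessage) {
  return function (event) {
    if (event.origin !== expectedOrigin) return false;
    if (event.source !== expectedSource) return false;
    onMessage(event.data);
    return true;
  };
}
```

In the parent page the receiver would be registered with `window.addEventListener('message', makeReceiver('https://widgets.example.com', iframe.contentWindow, handler))`.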