15

For some reason chrome doesn't support document.domain any more and spits out an error when the line is read in the iframe containing a subdomain and the subdomain containing the iframe. Is there anyway around this?

Error: Uncaught Error: SECURITY_ERR: DOM Exception 18

Trevor
  • 1,333
  • 6
  • 18
  • 32

2 Answers2

18

Document domain should be lowercase and the rules are like this:

// Actual domain is "www.foo.com" 
document.domain = "foo.com"; // this is valid 

// Actual domain is "bar.foo.com" 
document.domain = "www.foo.com"; // this is invalid, "bar.foo.com" is not a subdomain of "www.foo.com" 

// Actual domain is "blah.bar.foo.com" 
document.domain = "bar.foo.com" // Ok 
document.domain = "foo.com" // Still ok 
document.domain = "bar.foo.com" // Invalid, you can't change it back to a more specific domain.
Brian Webster
  • 30,033
  • 48
  • 152
  • 225
Ole
  • 296
  • 3
  • 4
  • 1
    Just in case anyone is looking for a reference: https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy – juminoz Feb 01 '17 at 16:55
0

document.domain should work for iframes as long as you're on the same domain:

iframe=document.querySelector('iframe');
console.log(iframe.contentDocument.domain)

If you're trying to access the document of an iframe that's on a different domain than the parent frame, you'll get the security error you're seeing.

Note that subdomains are considered different domains too, so you'll run into cross domain issues: A question about cross-domain (subdomain) ajax request

Community
  • 1
  • 1
Boris Smus
  • 8,220
  • 2
  • 36
  • 33