0

I'm using Angular 8 as FrontEnd (with Typescript) and dotnet as BackEnd.

Let's say I have a website A: www.Awebsite.com , and inside it there is an iFrame.

The source of this iFrame, it points to my backend, something like: www.api.com/data/index.html

That means browser treats anything inside this iFrame as origin www.api.com . Problem is that I need to access a certain button inside this iFrame, to check if it is disabled or not, but I keep getting this error:

ERROR DOMException: Blocked a frame with origin "www.Awebsite.com" from accessing a cross-origin frame.main-es2015.8aeb453df645af9bc22d.js:2

Let's say I can't edit this index.html and add postMessage, because it is an autogenerated file from a desktop software (just discard any option about adding code inside this index) and let's say the file needs to stay with API_URL + file_name, because as it is structured I need it in that way (it goes automatically to call api and retrieve all the file it needs to run, because it takes the API_URL and then it change automatically the file_name)

Is there anything I can do? I own both FrontEnd and BackEnd, all the environment is deployed and I can edit any configuration I need on both FE or BE (CORS or nginx as well)

jub0bs
  • 60,866
  • 25
  • 183
  • 186
Raso
  • 1
  • 1
  • Does this answer your question? [Cross domain iframe issue](https://stackoverflow.com/questions/9393532/cross-domain-iframe-issue) – jonas Aug 30 '23 at 14:00
  • Not at all, it says to add postMessage, but as I said I cannot do that, because the index.html it is autogenerated and I cannot add a postmessage there – Raso Aug 30 '23 at 14:02
  • It also says: "If you don't have control over the framed site, you cannot circumvent the cross-domain policy." – jonas Aug 30 '23 at 14:11
  • CORS is only concerned with network access, not object access (e.g. between a document and one of its iframes). – jub0bs Aug 30 '23 at 14:55

0 Answers0