admin管理员组

文章数量:1390775

I want to read window.top.location.origin from inside an iFrame.
The parent and iFrame are on different HTTPS domains.
Trying to access that throws a security error in Chrome for example.
[DOMException: Blocked a frame with origin "..." from accessing a cross-origin frame.]

Is it at all possible to do that without triggering the error?

I need window.top's origin because I send different postMessages based on that origin.

I want to read window.top.location.origin from inside an iFrame.
The parent and iFrame are on different HTTPS domains.
Trying to access that throws a security error in Chrome for example.
[DOMException: Blocked a frame with origin "..." from accessing a cross-origin frame.]

Is it at all possible to do that without triggering the error?

I need window.top's origin because I send different postMessages based on that origin.

  • javascript
  • iframe
  • cross-domain
  • postmessage
Share Improve this question asked Oct 3, 2014 at 17:34 FranciscFrancisc 80.6k65 gold badges185 silver badges278 bronze badges 4
  • what kind of error do you get in the console? – user123_456 Commented Oct 3, 2014 at 17:36
  • I'll update the question. – Francisc Commented Oct 3, 2014 at 17:38
  • you need to get a message from the parent, and then you can see the origin from the message properties. it's like replying to an email you didn't used to have the address for. – dandavis Commented Oct 3, 2014 at 18:07
  • Yup, I know that. But I'm trying do initiate the munication from the child iFrame. e.g. "I'm loaded and ready to listen for events" – Francisc Commented Oct 3, 2014 at 19:18
Add a ment  | 

2 Answers 2

Reset to default 6

I know this is old, but maybe it helps others:

The full Parent URL will appear to the <iframe/> as document.referrer. With that, you can parse it locally to find the URL specifics you may need.

if (document.referrer !== location.href) {
  let foo = document.createElement('a');
  foo.href = document.referrer;
  console.log('origin is:', foo.origin);
}

Of course, this is thanks to the anchor tag's built-in parsing. Hidden gem~!

Because of the same-origin policy, JavaScript in an iframe from a different origin will not be able to municate with its parent frame. If you have access to the server that serves the iframe, you can enable CORS, otherwise I think you are out of luck

本文标签: javascriptGet parent document origin for crossdomain HTTPS iFrameStack Overflow

版权声明:本文标题:javascript - Get parent document origin for cross-domain HTTPS iFrame - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1744702945a2620667.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。