admin管理员组

文章数量:1427810

I'm basically trying to display a second website, belonging to the same organization but hosted on a different domain name, in an Iframe. And I'm trying to pass in some data from the iframe to the parent frame.

Parent frame = foo,

Iframe = bar

If I try to pass in the data from the iframe via parent.setData( data ), that gives me a same-origin policy error.

So I made a wrapper around this code, hosted at foo/js/wrapper.js, which contains this function:

var Foo = {};
Foo.setData = function(data)
{
    parent.setData(data);
}

So now my Iframe on bar is doing:

<script src=".js"></script>
<script>
   Foo.setData( someData );
</script>

However, even that is giving me a security error on the parent.setData line, even through wrapper.js is hosted on the parent domain.

Is there any other way to overe this?

I'm basically trying to display a second website, belonging to the same organization but hosted on a different domain name, in an Iframe. And I'm trying to pass in some data from the iframe to the parent frame.

Parent frame = foo.,

Iframe = bar.

If I try to pass in the data from the iframe via parent.setData( data ), that gives me a same-origin policy error.

So I made a wrapper around this code, hosted at foo./js/wrapper.js, which contains this function:

var Foo = {};
Foo.setData = function(data)
{
    parent.setData(data);
}

So now my Iframe on bar. is doing:

<script src="http://foo./js/wrapper.js"></script>
<script>
   Foo.setData( someData );
</script>

However, even that is giving me a security error on the parent.setData line, even through wrapper.js is hosted on the parent domain.

Is there any other way to overe this?

  • javascript
  • iframe
  • same-origin-policy
Share Improve this question asked Feb 21, 2014 at 17:07 AliAli 268k269 gold badges592 silver badges786 bronze badges 6
  • 1 developer.mozilla/en-US/docs/Web/API/Window.postMessage – Quentin Commented Feb 21, 2014 at 17:10
  • @Quentin Any chance of any example code? – Ali Commented Feb 21, 2014 at 17:17
  • There's an entire subsection on that page titled "Example"! – Quentin Commented Feb 21, 2014 at 17:21
  • @Quentin Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('foo.') does not match the recipient window's origin ('bar.'). – Ali Commented Feb 21, 2014 at 17:22
  • Sounds like you gave postMessage's second argument the wrong value. – Quentin Commented Feb 21, 2014 at 17:24
 |  Show 1 more ment

2 Answers 2

Reset to default 6

You are looking for postMessage, read up on that here: https://developer.mozilla/en-US/docs/Web/API/Window.postMessage

Edit: sorry, didn't see all of the ments saying the same thing

Another fun way to get around this policy is to hijack the child window.location.hash, as it is also visible to both scripting engines.

本文标签: javascriptHow to overcome sameoriginpolicy from iframeStack Overflow

版权声明:本文标题:javascript - How to overcome same-origin-policy from iframe? - Stack Overflow 内容由网友自发贡献,该文观点仅代表作者本人, 转载请联系作者并注明出处:http://www.betaflare.com/web/1745502549a2661098.html, 本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌抄袭侵权/违法违规的内容,一经查实,本站将立刻删除。