科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>javascript - How to overcome same-origin-policy from iframe? - Stack Overflow

    javascript - How to overcome same-origin-policy from iframe? - Stack Overflow

    programmeradmin0浏览0评论

    I'm basically trying to display a second website, belonging to the same organization but hosted on a different domain name, in an Iframe. And I'm trying to pass in some data from the iframe to the parent frame.

    Parent frame = foo,

    Iframe = bar

    If I try to pass in the data from the iframe via parent.setData( data ), that gives me a same-origin policy error.

    So I made a wrapper around this code, hosted at foo/js/wrapper.js, which contains this function:

    var Foo = {};
Foo.setData = function(data)
{
    parent.setData(data);
}

    So now my Iframe on bar is doing:

    <script src=".js"></script>
<script>
   Foo.setData( someData );
</script>

    However, even that is giving me a security error on the parent.setData line, even through wrapper.js is hosted on the parent domain.

    Is there any other way to overe this?

    I'm basically trying to display a second website, belonging to the same organization but hosted on a different domain name, in an Iframe. And I'm trying to pass in some data from the iframe to the parent frame.

    Parent frame = foo.,

    Iframe = bar.

    If I try to pass in the data from the iframe via parent.setData( data ), that gives me a same-origin policy error.

    So I made a wrapper around this code, hosted at foo./js/wrapper.js, which contains this function:

    var Foo = {};
Foo.setData = function(data)
{
    parent.setData(data);
}

    So now my Iframe on bar. is doing:

    <script src="http://foo./js/wrapper.js"></script>
<script>
   Foo.setData( someData );
</script>

    However, even that is giving me a security error on the parent.setData line, even through wrapper.js is hosted on the parent domain.

    Is there any other way to overe this?

    • javascript
    • iframe
    • same-origin-policy
    Share Improve this question asked Feb 21, 2014 at 17:07 AliAli 268k269 gold badges592 silver badges786 bronze badges 6
    • 1 developer.mozilla/en-US/docs/Web/API/Window.postMessage – Quentin Commented Feb 21, 2014 at 17:10
    • @Quentin Any chance of any example code? – Ali Commented Feb 21, 2014 at 17:17
    • There's an entire subsection on that page titled "Example"! – Quentin Commented Feb 21, 2014 at 17:21
    • @Quentin Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('foo.') does not match the recipient window's origin ('bar.'). – Ali Commented Feb 21, 2014 at 17:22
    • Sounds like you gave postMessage's second argument the wrong value. – Quentin Commented Feb 21, 2014 at 17:24
     |  Show 1 more ment

    2 Answers 2

    Reset to default 6

    You are looking for postMessage, read up on that here: https://developer.mozilla/en-US/docs/Web/API/Window.postMessage

    Edit: sorry, didn't see all of the ments saying the same thing

    Another fun way to get around this policy is to hijack the child window.location.hash, as it is also visible to both scripting engines.

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论