javascript 将 cookie 设置为 iframe src
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/22866080/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Setting cookie to an iframe src
提问by FabKremer
I have an iframe that loads an external page, that needs to be logged to make appear what I want. Actually, if i set the iframe the normal way, the iframe loads the external-domain-login page. What I actually have is something like this:
我有一个加载外部页面的 iframe,需要记录该页面才能显示我想要的内容。实际上,如果我以正常方式设置 iframe,iframe 会加载外部域登录页面。我实际拥有的是这样的:
What I need to do is to set some cookies for that source to make pretend the external domain I'm "logged". That can be done (or what I think this can be done) is setting to the request the cookies that the login response gave me.
我需要做的是为该源设置一些 cookie 以假装我“登录”的外部域。可以做到的(或者我认为可以做到的)是将登录响应给我的 cookie 设置为请求。
I'm actually able to get those cookies, but don't know how to set them to the URL from the iframe.
我实际上能够获取这些 cookie,但不知道如何将它们设置为 iframe 中的 URL。
Thoughts?
想法?
Thanks!
谢谢!
回答by jfriend00
If the iframe is on a separate domain, you can't access it directly via javascript from your other domain so you won't be able to directly transfer your cookie from domain1 to domain2 using javascript.
如果 iframe 位于单独的域中,则您无法通过其他域中的 javascript 直接访问它,因此您将无法使用 javascript 将 cookie 从域 1 直接传输到域 2。
If you control code in both domains, then there are some workarounds. Here's one method that uses a single place to login and the login credential is transferred via URL parameters: Cross Domain Login - How to login a user automatically when transferred from one domain to another
如果您控制两个域中的代码,则有一些变通方法。这是一种使用单一位置登录并通过 URL 参数传输登录凭据的方法: 跨域登录 - 如何在用户从一个域转移到另一个域时自动登录
You could conceivably use the URL transfer mechanism by logging in on the first domain and then setting the .srcURL in the iframe to have the login credential in the URL. When the second domain loaded in the iframe, it would see the login credential in the URL, grab it, turn it into a cookie value that it wrote on itself and the refresh itself (thus now looking logged in). You will obviously need to control javascript in both domains to use either of these techniques because one domain's javascript can't put a cookie into the other domain directly.
您可以通过登录第一个域,然后.src在 iframe 中设置URL 以在 URL 中包含登录凭据来使用 URL 传输机制。当第二个域加载到 iframe 中时,它会在 URL 中看到登录凭据,抓取它,将其转换为它自己写的 cookie 值和刷新本身(因此现在看起来已登录)。您显然需要控制两个域中的 javascript 才能使用这些技术中的任何一种,因为一个域的 javascript 不能直接将 cookie 放入另一个域。
Another way that two cooperating domains can communicate is with window.postMessage()so the login credentials could be sent to the iframe window. It's javascript would have to receive the message and turn it into a cookie and then refresh it's page so that the server saw the login cookie on the 2nd domain.
两个合作域可以通信的另一种方式是window.postMessage()将登录凭据发送到 iframe 窗口。它的 javascript 必须接收消息并将其转换为 cookie,然后刷新它的页面,以便服务器看到第二个域上的登录 cookie。
