javascript 动态设置 document.domain 为 iframe
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/15332115/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Dynamically set document.domain to iframe
提问by Suhan
I have an iframe that injects in pages, called him "helper". So due to same origin policy I need to set iframe domain the same is parent window domain. But I can't get access to parent window domain. How can it be solved?
我有一个注入页面的 iframe,称他为“帮手”。因此,由于同源策略,我需要将 iframe 域设置为与父窗口域相同。但我无法访问父窗口域。如何解决?
Update #1
更新 #1
This code is currently work for 2nd level domains:
此代码目前适用于二级域:
pathArray = window.location.host.split('.');
var arrLength = pathArray.length;
var domainName = pathArray.slice(arrLength - 2, arrLength).join('.');
document.domain = domainName;
pathArray = window.location.host.split('.');
var arrLength = pathArray.length;
var domainName = pathArray.slice(arrLength - 2, arrLength).join('.');
document.domain = domainName;
but I need to somehow get it from parent window rather than relying on 2nd level domain
但我需要以某种方式从父窗口获取它而不是依赖于二级域
采纳答案by Suhan
I do not know if it will help but i use this in iframe
我不知道它是否有帮助,但我在 iframe 中使用它
try {
var domainName = window.parent.parent.iframeData.domainName;
}
//Access violation
catch (err) {
document.domain = window.location.hostname.replace('www.', '');
}
So i check if domain already set we have exception ang try to guess domain, in either case, there is no need to set a domain
所以我检查域是否已经设置我们有异常并尝试猜测域,在任何一种情况下,都不需要设置域
EDIT: More correctly to use post message to set domain if needed
编辑:如果需要,更正确地使用发布消息来设置域
回答by Patrick M
In short, it can't. Setting document.domainonly works when the iFrame and containing window are actually part of the same domain. If a browser were to let you set document.domainto something other than the domain you were actually on, it would be a security violation. Consider, any malicious script could just say 'No really, trust me on this one' and the browser would essentially be saying, 'Oh, okay, since you asked so nicely, here's all the permission you want'.
简而言之,它不能。document.domain仅当 iFrame 和包含窗口实际上是同一域的一部分时,设置才有效。如果浏览器让您设置document.domain为您实际所在的域以外的其他内容,则将违反安全性。考虑一下,任何恶意脚本都可能会说“真的不,请相信我这个”,而浏览器基本上会说,“哦,好吧,既然你问得这么好,这就是你想要的所有许可”。
document.domaincan only be set to a parent domain of the actual domain of the page. If an iFrame and a containing window don't share at least that, then no browser will allow them to cross talk.
document.domain只能设置为页面实际域的父域。如果 iFrame 和包含窗口至少不共享那个,那么浏览器将不允许它们进行串扰。
Unless I've misunderstood your question. Feel free to post some examples to clarify.
除非我误解了你的问题。随意张贴一些例子来澄清。
回答by mplungjan
Assuming you parent can be a.domain.comand your iframe is b.domain.com- then you can do what your are attempting.
If you MUST know what the parent is, pass it in the iframe src attribute or try document.referrer
假设你的父母可以a.domain.com,你的 iframe 是b.domain.com- 那么你可以做你正在尝试的事情。如果您必须知道父项是什么,请将其传递到 iframe src 属性中或尝试document.referrer
回答by Mashhoor Gulati
add document.domain = 'your.domain' in both the pages.
在两个页面中添加 document.domain = 'your.domain'。
like this. don't forget both parent.top
像这样。不要忘记 parent.top
document.domain = 'corp.local'; only parent like
document.domain = 'corp.local'; 只有父母喜欢
document.domain = 'corp'; won't work.
document.domain = '公司'; 不会工作。
As I've mentioned here. javascript get iframe url's current page on subdomain
正如我在这里提到的。javascript在子域上获取iframe url的当前页面
this document helped. http://javascript.info/tutorial/same-origin-security-policy
这个文件有帮助。http://javascript.info/tutorial/same-origin-security-policy
