X
Tippen Sie hierhin, um die Version dieser Website für Mobilgeräte aufzurufen.

Hilfeforum

Cross-Origin Resource Sharing. Added header 'Access-Control-Allow-Origin' in response header for iframe data. Can parent page now manipulate iframe's DOM ?

Veröffentlicht

Let say, I have a page on domain www.a.b.xyz.com. This page contains an iframe, with data from www.d.xyz.com.

iframe is loaded with data from www.d.xyz.com, by submitting html form to host www.d.xyz.com. In return server www.d.xyz.com is returning HTML DOM to be rendered in iframe. Server also sets header 'Access-Control-Allow-Origin: *.xyz.com' in response.

iframe is loaded with HTML DOM from www.d.xyz.com.

Now, I'm trying to access/manipulate (for eg: Click a button in iframe) DOM from parent page using Javascript. But, I'm not able to do so.

Is it because, 'Access-Control-Allow-Origin: *.xyz.com' just informs browser to show/render the content from www.d.xyz.com on www.a.b.xyz.com, but do not grant permission to parent page to manipulate iframe's DOM ?

I am able to manipulate iframe's DOM from parent, only if I create sub-domain for both parent and iframe- document.domain='xyz.com'; I changed domain using firebug debugger.

Any help will be appreciated.

Let say, I have a page on domain www.a.b.xyz.com. This page contains an iframe, with data from www.d.xyz.com. iframe is loaded with data from www.d.xyz.com, by submitting html form to host www.d.xyz.com. In return server www.d.xyz.com is returning HTML DOM to be rendered in iframe. Server also sets header 'Access-Control-Allow-Origin: *.xyz.com' in response. iframe is loaded with HTML DOM from www.d.xyz.com. Now, I'm trying to access/manipulate (for eg: Click a button in iframe) DOM from parent page using Javascript. But, I'm not able to do so. Is it because, 'Access-Control-Allow-Origin: *.xyz.com' just informs browser to show/render the content from www.d.xyz.com on www.a.b.xyz.com, but do not grant permission to parent page to manipulate iframe's DOM ? I am able to manipulate iframe's DOM from parent, only if I create sub-domain for both parent and iframe- document.domain='xyz.com'; I changed domain using firebug debugger. Any help will be appreciated.

Geändert am von binit.00354

Mehr Details zum System

Installierte Plugins

  • DivX Web Player version 1.4.0.233
  • The Totem 3.0.1 plugin handles video and audio streams.
  • Shockwave Flash 11.2 r202
  • This plug-in detects the presence of iTunes when opening iTunes Store URLs in a web page with Firefox.

Anwendung

  • Firefox 38.0
  • User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:38.0) Gecko/20100101 Firefox/38.0
  • Hilfe-URL: https://support.mozilla.org/1/firefox/38.0/Linux/en-US/

Erweiterungen

  • Firebug 2.0.10 (firebug@software.joehewitt.com)
  • Greasemonkey 3.2 ({e4a8a97b-f2ed-450b-b12d-ee082ba24781})
  • Session Manager 0.8.1.6.1-signed ({1280606b-2510-4fe0-97ef-9b5a22eafe30})
  • Ubuntu Firefox Modifications 3.0 (ubufox@ubuntu.com)

JavaScript

  • incrementalGCEnabled: True

Grafiken

  • adapterDescription: Intel Open Source Technology Center -- Mesa DRI Intel(R) Ivybridge Desktop
  • adapterDeviceID: Mesa DRI Intel(R) Ivybridge Desktop
  • adapterDrivers:
  • adapterRAM:
  • adapterVendorID: Intel Open Source Technology Center
  • driverDate:
  • driverVersion: 3.0 Mesa 10.1.3
  • info: {u'AzureCanvasBackend': u'cairo', u'AzureFallbackCanvasBackend': u'none', u'AzureContentBackend': u'cairo', u'AzureSkiaAccelerated': 0}
  • numAcceleratedWindows: 0
  • numAcceleratedWindowsMessage: [u'']
  • numTotalWindows: 1
  • webglRenderer: Intel Open Source Technology Center -- Mesa DRI Intel(R) Ivybridge Desktop
  • windowLayerManagerRemote: False
  • windowLayerManagerType: Basic

Veränderte Einstellungen

Verschiedenes

  • User JS: Nein
  • Barrierefreiheit: Nein
guigs 1072 Lösungen 11697 Antworten
Veröffentlicht

It sounds like you are running into this restriction and are looking for a work around: security.fileuri.strict_origin_policy preference, which defaults to true

I am not entirely sure if the subdomain counts a the same origin, but you can try location set. But an even better example: https://developer.mozilla.org/en-US/A.../Cross_Domain_Content_Scripts#Cross-domain_iframes

So your original question: Can parent page now manipulate iframe's DOM ? Sort of.


References:

It sounds like you are running into this restriction and are looking for a work around: security.fileuri.strict_origin_policy preference, which defaults to true I am not entirely sure if the subdomain counts a the same origin, but you can try location set. But an even better example: [https://developer.mozilla.org/en-US/Add-ons/SDK/Guides/Content_Scripts/Cross_Domain_Content_Scripts#Cross-domain_iframes] So your original question: ''Can parent page now manipulate iframe's DOM ?'' Sort of. References: *[https://developer.mozilla.org/en-US/docs/Same-origin_policy_for_file:_URIs] *[https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy]