Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

AJAX inside IFRAME not working against same server

Tags:

ajax

iframe

I'm using a website, abc.com, that is hosting an iframe of a page on 123.com.
The page inside the iframe is doing an AJAX request to another page on 123.com, but we're seeing that the request is getting cancelled.

Unless I'm wrong — and I haven't found any official information on the internet about this — the call should work fine as it is not a cross-domain request.

Would the fact that the parent frame is on a different domain really hinder the iframe from doing AJAX requests to its own server?

like image 209
nkspartan Avatar asked Oct 22 '22 14:10

nkspartan

1 Answers

The IFRAME should be able to make an ajax request to its own originating site (same source URL). However, make sure the REQUEST event is FIRED from the IFRAME, not the parent.

My first guess would be you are loading the IFRAME and then addressing it (firing an event) via the parent (JS) to get it to do/get/set something which triggers an ajax call. In short, this is the mostly likely reason the IFRAME domain to same domain request is getting cancelled as it is still recognized by the browser as originating from outside the target domain code.

The REQUEST event needs to be organically generated from the user clicking on something in the IFRAME or from code in the IFRAME itself firing the event.

In other words: just because the IFRAME may have some ability to fire events/ajax in its JS/code to/from itself, it would normally still not be allowed to have the parent reference that ajax/JS directly via JS/code. The IFRAME has to already be coded to do it based on its load parameters (URL values, perhaps) or the user has to physically click/take action on something to create a user generated event on that domain.

Of course, this is going to vary a bit by browser and version on what you might be able coax in terms interactivity between the parent and iframe. But a strict, up-to-date browser will try to keep you from faking insecure interaction on the iFrame via js.

To get a better answer, you would need to provide more detail on exactly what you are doing/getting.

like image 178
williambq Avatar answered Oct 25 '22 19:10

williambq
Sign in to Comment

Related questions

Django context variables and ajax response
how to allow cross domain requests on tomcat?
Best practice in synchronized methods in jsf and java
Does jquery $.post() Ajax scale to massive usage, or does it keep a socket open?
Add comments + Ajax
Cross-Domain Requests with JSON [duplicate]
how to dynamically calculate value in the text box
How do I post a lot of data to Django?
Return multiple values using JSON, jQuery and AJAX and Java
How to handle FileStream return type in .ajax post?
p:dialog does not fire ajax close event when using dialog.hide()
$.ajax async:false doesn't work in IE and Firefox, works in Chrome/Safari
JQuery ajax call getting status code 0 "error"
Rollback the transaction when user abort the connection
PrimeFaces p:blockUI blocking a certain component dynamically (on JSF EL condition)?
Mozilla developer network - What does the question mark refer to?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!