I am hosting a file at domain.com
, which contains an iframe whose document is hosted on s3.domain.com
. I am attempting to access the contents of the iframe, however am receiving the following:
Unsafe JavaScript attempt to access frame with URL http://s3.domain.com.s3.amazonaws.com/file.html from frame with URL http://domain.com/. Domains, protocols and ports must match.
I understand the reason for this. I've found two work arounds.
document.domain = 'domain.com';
I would prefer to do this, however am having trouble doing so. My CORS configuration file for the bucket currently looks like this:
<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>*</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
</CORSRule>
</CORSConfiguration>
This is still, however, resulting in the error. I'm sure I'm missing something, however am not sure what.
Any advice would be appreciated. Thanks.
With CORS browsers will usually do a preflight request (OPTIONS
method). Probably you will have to allow all headers as well to ensure proper preflight request handling:
<AllowedHeader>*</AllowedHeader>
See also here.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With