Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Attempting to access iframe contents (different subdomain); tried setting up CORS

I am hosting a file at domain.com, which contains an iframe whose document is hosted on s3.domain.com. I am attempting to access the contents of the iframe, however am receiving the following:

Unsafe JavaScript attempt to access frame with URL http://s3.domain.com.s3.amazonaws.com/file.html from frame with URL http://domain.com/. Domains, protocols and ports must match.

I understand the reason for this. I've found two work arounds.

  1. Since I own both documents, I can set the domain property to allow access like so: document.domain = 'domain.com';
  2. Use CORS to allow access to the document, which is hosted within an S3 bucket

I would prefer to do this, however am having trouble doing so. My CORS configuration file for the bucket currently looks like this:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
    </CORSRule>
</CORSConfiguration>

This is still, however, resulting in the error. I'm sure I'm missing something, however am not sure what.

Any advice would be appreciated. Thanks.

like image 337
onassar Avatar asked Nov 04 '22 06:11

onassar


1 Answers

With CORS browsers will usually do a preflight request (OPTIONS method). Probably you will have to allow all headers as well to ensure proper preflight request handling:

<AllowedHeader>*</AllowedHeader>

See also here.

like image 68
Carvellis Avatar answered Nov 11 '22 15:11

Carvellis