Menu
For some reason chrome doesn't support document.domain any more and spits out an error when the line is read in the iframe containing a subdomain and the subdomain containing the iframe. Is there anyway around this?
Error: Uncaught Error: SECURITY_ERR: DOM Exception 18
982
Alternative cross-origin communication In most use cases, cross-origin postMessage() or the Channel Messaging API can replace document. domain . The following list shows the steps a developer needs to take to use postMessage() instead of document. domain for cross-origin DOM manipulation.
The document. domain setter is deprecated. It undermines the security protections provided by the same origin policy, and complicates the origin model in browsers, leading to interoperability problems and security bugs.
Definition and Usage. The domain property returns the domain name of the server (the document was loaded from). The domain property returns null if the document was created in memory.
The same-origin policy is a critical security mechanism that restricts how a document or script loaded by one origin can interact with a resource from another origin. It helps isolate potentially malicious documents, reducing possible attack vectors.
Document domain should be lowercase and the rules are like this:
// Actual domain is "www.foo.com"
document.domain = "foo.com"; // this is valid
// Actual domain is "bar.foo.com"
document.domain = "www.foo.com"; // this is invalid, "bar.foo.com" is not a subdomain of "www.foo.com"
// Actual domain is "blah.bar.foo.com"
document.domain = "bar.foo.com" // Ok
document.domain = "foo.com" // Still ok
document.domain = "bar.foo.com" // Invalid, you can't change it back to a more specific domain.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
