Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

iframe contentWindow throws Access Denied error after shortening document.domain

I create an IFRAME dynamically in the following way:

var wrapUpIframe = document.createElement("iframe");
wrapUpIframe.id = 'WrapUpDialog3';
wrapUpIframe.src = 'WrapUpDialog.html';    
document.body.appendChild(wrapUpIframe);

after the dynamic creation my document.domain is being shortened from Servername.dc.com to only dc.com,

but when I try to access contentWindow I got an Access is denied error:

document.getElementById("WrapUpDialog3").contentWindow.SomeFunction();

Note: When I define the IFRAME statically in the HTML it works fine.
I also tried to change my IFRAME document.domain in the following way:

WrapUpDialog3.document.domain = dc.com;

I checked both document.domain and my IFRAME domain and they are both identical.

What can I do?

I'm working with IE9.

like image 515
Dor Cohen Avatar asked Feb 21 '13 12:02

Dor Cohen


1 Answers

First take a look at the correct answer from this post. It looks to me like that could be your issue.

If not that then maybe this quick hack I saw from another post might help.

 var frame = $('<iframe>')
.attr('id', 'myIframe')
.addClass('someClass')
.attr('src', 'javascript:(function () {' +'document.open();document.domain=\'myDomain.net\';document.close();' + '})();');
.appendTo($('#someDiv'));

Not sure if this is relevant but I also found this on the web link.

OK, so to respond to your comment. The javascript function isn't assigning the source, it's setting the document domain which apparently doesn't get done correctly in I.E.

Check out this link for another example and explanation.

So what I would try might be something like this ...

var wrapUpIframe = document.createElement("iframe");
wrapUpIframe.id = 'WrapUpDialog3';    
wrapUpIframe.src = setSrc();
document.body.appendChild(wrapUpIframe);

function setSrc(){document.open();document.domain=\'dc.com\';document.close();return 'WrapUpDialog.html';}

You might have to play around with how to return the actual url for the iframe after running the function that sets the document domain. But from what I am seeing this might work for you.

I had a similar issue but not exactly the same problem which is why I can't give you an exact fix. The function setting the document domain was what got me past the access denied error.

You could also add this to your main document to really make sure the domains match.

 <script type="text/javascript">
    document.domain = 'dc.com';
  </script>

I also wanted to add a link for some explanation on explicitly setting the document.domain that I had used before. This was helpful to me in the past. Particularly this quote ...

Explicitly setting the value indicates intent to "cooperate" with a script on another subdomain (under the same parent domain).

Dor, you may be having a timing issue. I found some code (here) that I just tested that works for me. It makes sure that the iframe is loaded before you try to access the contentWindow.

var iframe = document.createElement("iframe");
iframe.src = "WrapUpDialog.html";

if (iframe.attachEvent){
    iframe.attachEvent("onload", function(){
        alert("Local iframe is now loaded.");
    });
} else {
    iframe.onload = function(){
        alert("Local iframe is now loaded.");
    };
}

document.body.appendChild(iframe);

var iframeWindow = iframe.contentWindow || iframe.contentDocument.parentWindow;
like image 96
Vic Avatar answered Sep 24 '22 04:09

Vic