Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Possible to access a function on a parent page from an iframe that is on a different subdomain?

Tags:

javascript

jquery

security

iframe

I am trying to access a function located on the parent page from an iframe. I get the following error since they're using different sub-domains:

Uncaught SecurityError: Blocked a frame with origin "http://subdomain.domain.com" from accessing a frame with origin "http://subdomain2.domain.com". Protocols, domains, and ports must match.

I am using: 

window.parent.myFunction();

to access the function on the parent page.

Is there a workaround for this or will it simply not work because they're different sub-domains?

like image 923
user3499518 Avatar asked Apr 16 '14 03:04

user3499518

People also ask

Can an iframe get parent URL?

location. ancestorOrigins[0] will get the parent url, but this api only works in chromium browsers (see support). this also supports nested iframes, where the bottom most child has access to the urls of each parent iframe.

Does an iframe have its own window?

In action: iframeAn <iframe> tag hosts a separate embedded window, with its own separate document and window objects.

Why is it bad to set the document domain to a parent domain?

It undermines the security protections provided by the same origin policy, and complicates the origin model in browsers, leading to interoperability problems and security bugs. Attempting to set document. domain is dangerous.

2 Answers

Blocked a frame with origin "http://subdomain.domain.com" from accessing a frame with origin "http://subdomain2.domain.com"

If you add the line:

document.domain = 'domain.com';

to the scripts in both frames, they will be able to interact directly with each other's objects. See MDN for background.

However cross-frame scripting is strewn with nasty corner cases, where one frame executes something from another frame whilst that frame is busy doing something else, or isn't yet fully loaded. For anything non-trivial, I would avoid direct cross-frame scripting.

The more modern alternative is to keep execution within a single frame, and communicate across frames using postMessage. Support.

like image 161
bobince Avatar answered Nov 14 '22 23:11

bobince

This will only works if you have access to the parent domain (e.g. upload files there).

Inside your iframe page, create a second iframe with a source pointing to a page in the main domain.

The second iframe can call a function in the main page by using window.parent.parent.myFunction();

like image 30
NoGray Avatar answered Nov 14 '22 23:11

NoGray
Sign in to Comment

Related questions

How to find out if jquery dialog was closed on escape and execute some code
Can someone edit javascript file offline to run malicious code?
Converting two Uint32Array values to Javascript number
Typescript: Avoid comparison by reference
AngularJS : Access stored data in a factory after a $http call
0x800a138f - JavaScript runtime error: Unable to get property 'value' of undefined or null reference
What is a module and difference between module.exports vs exports?
Combining Date and Time input strings as a Date object
Send image data over RTC Data Channel
Mouseenter/Mouseover events do not fire if CSS3 translate/transform is used to change element position
Meteor.js possible with Cassandra instead of MongDB? [closed]
CasperJS: swallows special keys like Enter?
sort by number of occurrence(count) in Javascript array
Consecutive calls to console.log produce inconsistent results
JS: How to add negative numbers in javascript [duplicate]
Filter Firebase data using AngularJS
Getting the position of a mouse click inside the parent div javascript
AngularJS and IE compatibility mode
Cordova/Phonegap FileTransfer.upload() error code = 1 (FILE_NOT_FOUND_ERR)
Angular.js getElementById() not working in $scope function

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!