I have an iframe on my page P1 which is hosted on server S1. On runtime, i do iframe.src=
to load page P2 hosted on server S2 inside the iframe.
I know about CORS and on server S2 for page P2, I've already set Access-Control-Allow-Origin: *
and I can confirm the same on response header when I check it in browser.
Now the page P2 and all it's assets load just file, but the moment I try to access P2's DOM from P1 using window.frames["iframe"].document
, it throws permission error.
Even though I'm setting Access-Control-Allow-Origin: *
on server S2, why am I still unable to access P2's DOM? Is this the way Access-Control-Allow-Origin: *
is supposed to work?
Cross-Origin Resource Sharing (CORS) errors occur when a server doesn't return the HTTP headers required by the CORS standard. To resolve a CORS error from an API Gateway REST API or HTTP API, you must reconfigure the API to meet the CORS standard.
< access-control-allow-origin: * You can solve this temporarily by using the Firefox add-on, CORS Everywhere. Just open Firefox, press Ctrl+Shift+A , search the add-on and add it! Thanks this helps to avoid all the hassle and test the code from localhost.
Use a Chrome extension to add Access-Control-Allow-Origin header into every response. To find one of them, just head over to Chrome Webstore and type in "CORS", dozens will show up in the search result. Or you can install CORS Helper, CORS Unblock or dyna CORS right away.
You can use PostMessages to set communication between documents. Even if they from different domains.
You can send data through PostMessage. It's limited, but this is better then nothing
Take a look at http://easyxdm.net/wp/ it has good api to work with. Long time ago i have made cross-domain http <-> https ajax requests with that lib.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With