Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Script permission error, even with CORS enabled

I have an iframe on my page P1 which is hosted on server S1. On runtime, i do iframe.src= to load page P2 hosted on server S2 inside the iframe.

I know about CORS and on server S2 for page P2, I've already set Access-Control-Allow-Origin: * and I can confirm the same on response header when I check it in browser.

Now the page P2 and all it's assets load just file, but the moment I try to access P2's DOM from P1 using window.frames["iframe"].document, it throws permission error.

Even though I'm setting Access-Control-Allow-Origin: * on server S2, why am I still unable to access P2's DOM? Is this the way Access-Control-Allow-Origin: * is supposed to work?

Request-Response

like image 662
coreSOLO Avatar asked Mar 22 '13 13:03

coreSOLO


People also ask

How do you fix a CORS error?

Cross-Origin Resource Sharing (CORS) errors occur when a server doesn't return the HTTP headers required by the CORS standard. To resolve a CORS error from an API Gateway REST API or HTTP API, you must reconfigure the API to meet the CORS standard.

How do I fix CORS policy no Access-Control allow origin?

< access-control-allow-origin: * You can solve this temporarily by using the Firefox add-on, CORS Everywhere. Just open Firefox, press Ctrl+Shift+A , search the add-on and add it! Thanks this helps to avoid all the hassle and test the code from localhost.

How do I fix a blocked CORS policy?

Use a Chrome extension to add Access-Control-Allow-Origin header into every response. To find one of them, just head over to Chrome Webstore and type in "CORS", dozens will show up in the search result. Or you can install CORS Helper, CORS Unblock or dyna CORS right away.


1 Answers

You can use PostMessages to set communication between documents. Even if they from different domains.

You can send data through PostMessage. It's limited, but this is better then nothing

Take a look at http://easyxdm.net/wp/ it has good api to work with. Long time ago i have made cross-domain http <-> https ajax requests with that lib.

like image 177
ant_Ti Avatar answered Sep 22 '22 11:09

ant_Ti