
SECURITY_ERR: DOM Exception 18 when applying document.domain on both sites. How do I resolve this?

I have a page at an internal server, server1.mydomain.com/page.jsp and another page at a different internal server, 10.x.x.x:8081/page.aspx.

On server1.mydomain.com, I set document.domain in page.jsp like this:

//page.jsp on server1.mydomain.com
document.domain = document.domain;

When I issue an alert on document.domain, it comes up as server1.mydomain.com.

On the 10.x.x.x server, I set document.domain in page.aspx, as a result, like this:

//page.aspx on 10.x.x.x
document.domain = "server1.mydomain.com";
// test if same-origin policy violation occurs
document.getElementById("div_el").innerHTML = window.top.location.href;

In Safari 5.1.5, an error pops up on the console:

SECURITY_ERR: DOM Exception 18: An attempt was made to break through the security policy of the user agent.

From what I understand, when you set document.domain, the port number is set to null; so, you have to set it on both ends, which I did. Then this error occurs, and I'm scratching my head as to why. Does this have anything to do with the fact that I'm using 10.x.x.x and not an actual domain name?

Thank you.

user717236 asked Apr 05 '12 19:04


2 Answers

You can only use document.domain to change from a more specific subdomain to a less specific domain. Like...

console.log(document.domain); // server1.mydomain.com

document.domain = 'mydomain.com'

console.log(document.domain); // mydomain.com

It can't be used to set to a more specific subdomain or to an entirely different domain.

user1106925 answered Sep 27 '22 23:09


You can only set document.domain to its current value or to a super-domain of the current setting. Thus, a page at "foo.something.com" can set it to "something.com", but not "something.else.com".

Pointy answered Sep 27 '22 22:09
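The rule both answers describe, written out as a simplified model of the check the browser applies before accepting a new document.domain value. This is an added example, not code from the question or the answers: the function names, the tiny PUBLIC_SUFFIXES set and the address 10.0.0.5 (standing in for the question's 10.x.x.x host) are constructed, and the public-suffix step comes from the HTML specification rather than from this page.

```javascript
// Constructed, deliberately tiny stand-in for the Public Suffix List (assumption).
const PUBLIC_SUFFIXES = new Set(["com", "org", "net", "co.uk"]);

// True for IPv4 literals and bracketed IPv6 literals: these are hosts, not domains.
function isIpLiteral(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.startsWith("[");
}

// Hypothetical helper: would `document.domain = newValue` be accepted on a page
// whose current host is `currentHost`?
function canSetDocumentDomain(currentHost, newValue) {
  const current = currentHost.toLowerCase();
  const wanted = String(newValue).toLowerCase();
  if (wanted === "") return false;
  // Re-setting the current value is always allowed (the page.jsp case).
  if (wanted === current) return true;
  // An IP address has no parent domain, and a domain cannot become an IP.
  if (isIpLiteral(current) || isIpLiteral(wanted)) return false;
  // The new value must be a suffix of the current host on a label boundary,
  // so "notmydomain.com" can never claim "mydomain.com".
  if (!current.endsWith("." + wanted)) return false;
  // A bare public suffix such as "com" would cover unrelated sites.
  if (PUBLIC_SUFFIXES.has(wanted)) return false;
  return true;
}

// Constructed cases taken from the question and the two answers.
const cases = [
  ["server1.mydomain.com", "server1.mydomain.com"], // same value
  ["server1.mydomain.com", "mydomain.com"],         // relax to parent domain
  ["mydomain.com", "server1.mydomain.com"],         // more specific: rejected
  ["foo.something.com", "something.else.com"],      // unrelated domain: rejected
  ["10.0.0.5", "server1.mydomain.com"],             // the page.aspx case: rejected
  ["server1.mydomain.com", "com"],                  // public suffix: rejected
];

for (const [host, value] of cases) {
  const verdict = canSetDocumentDomain(host, value) ? "allowed" : "SECURITY_ERR";
  console.log(`${host} -> ${value}: ${verdict}`);
}
```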
