Cross sub domain iframes and JavaScript

cross domain iframe example
access-control-allow-origin iframe
cross origin subdomain
iframe alternative cross domain
document.domain iframe
iframe get current url cross domain
iframe subdomain
same-origin policy

I am working on a CMS site whose domain is:

http://www.acmssite.com

They have a sub-domain where they store a form system:

http://www.forms.acmssite.com

I have an iframe on the first that looks at a form in the latter.

I need to run scripts to manipulate the latter from the former and was wondering is this possible?


In order for this to not be restricted by the same origin policy, you will probably need to do this in both the pages:

document.domain = "acmssite.com";

Same-origin policy, By default you can not execute Javascript on different domains because of browser cross domain security restrictions. Advanced iFrame does  The main issue that arises in iFrame is cross-domain support which is commonly needed in distributed networks, multi-site architecture and search/reuse activities. Problems arise when iFrame has to communicate via JavaScript in cross domain.


Yes it is.

var iframe = document.getElementById("your-iframes-id").contentWindow.document;

Using Sub domains with Advanced iFrame, Since the early days, browsers have prevented cross-site scripting by ensuring access files loaded from another domain, such as the source of an iframe. so JavaScript code on subdomain1.mattsnider.com cannot access  Cross Subdomain Scripting Since the early days, browsers have prevented cross-site scripting by ensuring that JavaScript cannot access files loaded from another domain, such as the source of an iframe.


You can still bypass this issue with the help of YQL even though you don't have access to the header part of the receiving window. With the Postmessage method also you need to edit the recipient window script. But using this method you can load any iframe without touching their scripts. Check this out! jsfiddle-link

<html>
<iframe src="https://google.com/" width="500" height="300"></iframe>

<script>
var iframe = document.getElementsByTagName('iframe')[0];
var url = iframe.src;
var getData = function (data) {
    if (data && data.query && data.query.results && data.query.results.resources && data.query.results.resources.content && data.query.results.resources.status == 200) loadHTML(data.query.results.resources.content);
    else if (data && data.error && data.error.description) loadHTML(data.error.description);
    else loadHTML('Error: Cannot load ' + url);
};
var loadURL = function (src) {
    url = src;
    var script = document.createElement('script');
    script.src = 'https://query.yahooapis.com/v1/public/yql?q=select%20*%20from%20data.headers%20where%20url%3D%22' + encodeURIComponent(url) + '%22&format=json&diagnostics=true&env=store%3A%2F%2Fdatatables.org%2Falltableswithkeys&callback=getData';
    document.body.appendChild(script);
};
var loadHTML = function (html) {
    iframe.src = 'about:blank';
    iframe.contentWindow.document.open();
    iframe.contentWindow.document.write(html.replace(/<head>/i, '<head><base href="' + url + '"><scr' + 'ipt>document.addEventListener("click", function(e) { if(e.target && e.target.nodeName == "A") { e.preventDefault(); parent.loadURL(e.target.href); } });</scr' + 'ipt>'));
    iframe.contentWindow.document.close();
}

loadURL(iframe.src);
</script>
</html>

Cross Subdomain Scripting · MattSnider.com, So basically, we needed to have javascript control in the parent and in the child. We had 2 problems to solve based on embedding. One was to change the iframe​  Interacting cross-domain. Of course, in most cases using iframes makes sense when you want to include contents from other domains and not only when you want to include contents from the same domain. Fortunately, there are a few options for handling this depending on the exact level of cross-domain interaction which is required. URL fragment hack


The iframe cross-domain policy problem, Of course, in most cases using iframes makes sense when you want to on the exact level of cross-domain interaction which is required. which will not allow child frame to change a parent frame's location. the origin in both document using the following JavaScript code: Cross sub domain iframes et JavaScript. javascript iframe subdomain cross-domain. demandé sur p.campbell 2011-05-18 18:41:18. la source. 3


Cross-document communication with iframes, Using iFrame for Cross-domain Communication in Enterprise and work to bridge the connections between domains and sub-domains. Problems arise when iFrame has to communicate via JavaScript in cross domain. It involves setting up a subdomain and updating its DNS to point to a third-party website. When combined with the old document.domain hack, you end up with a situation where your iframe can communicate with a cross-domain iframe, without relying on iframe. (The technique described in the article is about browser-to-server communication, but I


Using iFrame for Cross-domain Communication in Enterprise , Same-origin policy (SOP); Techniques to enable cross-domain messaging around servers: subdomain proxies, JSONP, and the cross-origin resource sharing same-origin policy in regards to XMLHttpRequest , iframes, and other ways of  Again, that’s only possible for pages with the same second-level domain. Iframe: wrong document pitfall. When an iframe comes from the same origin, and we may access its document, there’s a pitfall. It’s not related to cross-origin things, but important to know. Upon its creation an iframe immediately has a document.