I have a page at an internal server, server1.mydomain.com/page.jsp and another page at a different internal server, 10.x.x.x:8081/page.aspx.

On server1.mydomain.com, I set document.domain in page.jsp like this:

//page.jsp on server1.mydomain.com
document.domain = document.domain;

When I issue an alert on document.domain, it comes up as server1.mydomain.com.

On the 10.x.x.x server, I set document.domain in page.aspx, as a result, like this:

//page.aspx on 10.x.x.x
document.domain = "server1.mydomain.com";
// test if same-origin policy violation occurs
document.getElementById("div_el").innerHTML = window.top.location.href;

In Safari 5.1.5, an error pops up on the console:

SECURITY_ERR: DOM Exception 18: An attempt was made to break through the security policy of the user agent."

From what I understand, when you set document.domain, the port number is set to null; so, you have to set it on both ends, which I did. Then, this error occurs and I'm scratching my head why. Does this have anything to do with the fact I'm using 10.x.x.x and not an actual domain name?

Thank you.

You can only use document.domain to change from a more specific sub domain to a less specific domain. Like...

console.log(document.domain); // server1.mydomain.com

document.domain = 'mydomain.com'

console.log(document.domain); // mydomain.com

It can't be used to set to a more specific sub domain or to an entirely different domain.

You can only set document.domain to its current value or to a super-domain of the current setting. Thus, a page at "foo.something.com" can set it to "something.com", but not "something.else.com".