{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 smile是对你的礼貌 的问题《Dynamicly set document.domain to iframe》','https://www.manongdao.com/q-350472.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
I have an iframe that injects in pages, called him "helper". So due to same origin policy i need to set iframe domain the same is parent window domain. But i cant get access to parent window domain. How can it be solved?
Update #1
This code is currently work for 2nd level domains:
pathArray = window.location.host.split('.');
var arrLength = pathArray.length;
var domainName = pathArray.slice(arrLength - 2, arrLength).join('.');
document.domain = domainName;
but I need to somehow get it from parent window rather than relying on 2nd level domain
Assuming you parent can be
a.domain.comand your iframe isb.domain.com- then you can do what your are attempting. If you MUST know what the parent is, pass it in the iframe src attribute or trydocument.referrerIn short, it can't. Setting
document.domainonly works when the iFrame and containing window are actually part of the same domain. If a browser were to let you setdocument.domainto something other than the domain you were actually on, it would be a security violation. Consider, any malicious script could just say 'No really, trust me on this one' and the browser would essentially be saying, 'Oh, okay, since you asked so nicely, here's all the permission you want'.document.domaincan only be set to a parent domain of the actual domain of the page. If an iFrame and a containing window don't share at least that, then no browser will allow them to cross talk.Unless I've misunderstood your question. Feel free to post some examples to clarify.
add document.domain = 'your.domain' in both the pages.
like this. don't forget both parent.top
document.domain = 'corp.local'; only parent like
document.domain = 'corp'; won't work.
As I've mentioned here. javascript get iframe url's current page on subdomain
this document helped. http://javascript.info/tutorial/same-origin-security-policy
I do not know if it will help but i use this in iframe
So i check if domain already set we have exception ang try to guess domain, in either case, there is no need to set a domain
EDIT: More correctly to use post message to set domain if needed