{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 深知你不懂我心 的问题《Access parent URL from iframe》','https://www.manongdao.com/q-8102.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
Okay, I have a page on and on this page I have an iframe. What I need to do is on the iframe page, find out what the URL of the main page is.
I have searched around and I know that this is not possible if my iframe page is on a different domain, as that is cross-site scripting. But everywhere I've read says that if the iframe page is on the same domain as the parent page, it should work if I do for instance:
parent.document.location
parent.window.document.location
parent.window.location
parent.document.location.href
... or other similar combos, as there seems to be multiple ways to get the same info.
Anyways, so here's the problem. My iframe is on the same domain as the main page, but it is not on the same SUB domain. So for instance I have
http:// www.mysite.com/pageA.html
and then my iframe URL is
http:// qa-www.mysite.com/pageB.html
When I try to grab the URL from pageB.html (the iframe page), I keep getting the same access denied error. So it appears that even sub-domains count as cross-site scripting, is that correct, or am I doing something wrong?
The following line will work:
document.location.ancestorOrigins[0]this one returns the ancestor domain name.You're correct. Subdomains are still considered separate domains when using iframes. It's possible to pass messages using
postMessage(...), but other JS APIs are intentionally made inaccessible.It's also still possible to get the URL depending on the context. See other answers for more details.
For pages on the same domain and different subdomain, you can set the
document.domainproperty via javascript.Both the parent frame and the iframe need to set their document.domain to something that is common betweeen them.
i.e.
www.foo.mydomain.comandapi.foo.mydomain.comcould each use eitherfoo.mydomain.comor justmydomain.comand be compatible (no, you can't set them both tocom, for security reasons...)also, note that document.domain is a one way street. Consider running the following three statements in order:
Modern browsers can also use window.postMessage to talk across origins, but it won't work in IE6. https://developer.mozilla.org/en/DOM/window.postMessage
I couldnt get previous solution to work but I found out that if I set the iframe scr with for example
http:otherdomain.com/page.htm?from=thisdomain.com/thisfolderthen I could, in the iframe extractthisdomain.com/thisfolderby using following javascript:If your iframe is from another domain, (cross domain), you will simply need to use this:
and - here you've got the main url!
In chrome it is possible to use location.ancestorOrigins It will return all parent urls