Reputation: 3619
Script permission error, even with CORS enabled
I have an iframe on my page P1 which is hosted on server S1. On runtime, i do iframe.src= to load page P2 hosted on server S2 inside the iframe.
I know about CORS and on server S2 for page P2, I've already set Access-Control-Allow-Origin: * and I can confirm the same on response header when I check it in browser.
Now the page P2 and all it's assets load just file, but the moment I try to access P2's DOM from P1 using window.frames["iframe"].document, it throws permission error.
Even though I'm setting Access-Control-Allow-Origin: * on server S2, why am I still unable to access P2's DOM? Is this the way Access-Control-Allow-Origin: * is supposed to work?
Upvotes: 9
Views: 486
Answers (1)
Reputation: 2425
You can use PostMessages to set communication between documents. Even if they from different domains.
You can send data through PostMessage. It's limited, but this is better then nothing
Take a look at http://easyxdm.net/wp/ it has good api to work with. Long time ago i have made cross-domain http <-> https ajax requests with that lib.
Upvotes: 1
Related Questions
- Access to Script at ' from origin 'null' has been blocked by CORS policy
- CORS – Cross Origin Request Blocked – The 'Access-Control-Allow-Origin' header contains invalid value
- JavaScript permission denied. How to allow cross domain scripting between trusted domains?
- Keep getting No 'Access-Control-Allow-Origin' error with XMLHttpRequest
- CORS: policy differs if accessing URL from browser or from within script
- Not able to resolve No 'Access-Control-Allow-Origin' error using javascript
- Access-Control-Allow-Origin error
- No 'Access-Control-Allow-Origin' but still processing
- XmlHttpRequest denied by Access-Control-Allow-Origin even though origin matches perfectly
- JavaScript permission denied. Not cross domain?