IE 中带有 2 个字母域名的 document.domain 错误
我们有一个包含两个字母的域名。这是 IE 所有版本的问题。
问题是,当我们设置 document.domain="xx.yy"
时,我们会收到“无效参数”异常。
有谁有关于如何解决此错误的解决方案或想法?
问候, 托比亚斯
We have a domain name with two letters in it. This is a problem with IE, for all versions.
The problem is that when we set document.domain="xx.yy"
we get an "invalid argument" exception.
Does anyone have a solution or an idea on how to work around this bug?
Regards,
Tobias
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
哪些域可以用作跨文档脚本和 cookie 共享的共享父域是有限制的。
这是故意的:否则,
example.co.uk
和other-example.co.uk
可能会充当同一网站co.uk
的一部分>。出于隐私和安全原因,浏览器不允许这样做。问题在于,DNS 系统没有正式的方式来声明
co.uk
是一个由注册表分配的域,独立的组织位于其下,但bit.ly
是一个单一的组织。在某些地方,这甚至更难,例如.jp
,它既有直接组织子域,也有注册表分配的子域,例如co.jp
。因此,浏览器有关于哪些域应被视为“公共”的内部规则,并且不应允许共享脚本/凭据上下文,并且当出现新的 TLD 和 SLD 时,必须更新这些规则。较旧的浏览器可能无法识别较新的域。
某些浏览器从公共后缀列表获取信息,但 IE 除外。 IE 似乎正在使用启发式方法,对于它不知道且具有特殊情况的 TLD,2 个字母的子域
xx.yy
可能是公共域(例如co.uk
、or.jp
或其他),并且不应被允许充当共享父域。在我看来,这是一个合理的猜测:最好是“故障安全”。我认为你无法绕过它。你想做什么,可能还有其他方法吗?您可以将所有跨子域脚本编写内容放在子子域中吗?
There are limitations on what domains can be used as a shared parent domain for cross-document scripting and cookie sharing.
This is deliberate: otherwise,
example.co.uk
andother-example.co.uk
could act as part of the same siteco.uk
. Browsers don't want to allow this, for privacy and security reasons.The problem is that the DNS system doesn't have an official way to state that
co.uk
is a registry-allocated domain under which separate organisations live, butbit.ly
is a single organisation. This is even harder in some places, like.jp
which has both direct organisation subdomains and registry-allocated subdomains likeco.jp
.So browsers have internal rules of what domains should be taken as ‘public’ and shouldn't be allowed to share scripting/credentials context, and these rules have to be updated when there are new TLDs and SLDs. Older browsers may not recognise newer domains.
Some browsers take their information from the Public Suffix List, though not IE. IE would appear to be using the heuristic that, for a TLD it doesn't know about and have a special-case for, a 2-letter subdomain
xx.yy
is likely to be a public domain (likeco.uk
,or.jp
or whatever) and shouldn't be allowed to act as a shared parent domain. This is a reasonable guess, IMO: better to ‘fail safe’.I don't think you're going to be able to circumvent it. What are you trying to do, might there be another way around? Can you put all the cross-subdomain scripting stuff in a sub-subdomain?