我有 http://parent.com,它在 http://parent.com:8888 (这是正在开发中,在生产中甚至可能在另一个域(我控制的)上)。弹出窗口结束后,神奇的是它会包含以下内容:
<!-- this is on http://parent.com:8888/popup.php -->
<html>
<script type="text/javascript">
window.opener.location.href = "http://parent.com/ow_yeah.php";
self.close();
</script>
</html>
适用于所有浏览器,除了 IE8 和 Opera。在 IE8 中我仍然需要进行研究,但 Opera 是让我烦恼的。它抛出的错误是这样的:
Uncaught exception: ReferenceError: Security error: attempted to write protected variable
尝试了 this 但它不起作用。我还在互联网上读到这是一个跨域问题:子窗口不应该从另一个域修改其父窗口上的某些内容,除了父窗口的位置。我尝试做的是更改位置,但仍然遇到问题。有什么想法吗?
I have http://parent.com that opens a pop-up on http://parent.com:8888 (this is in development, in production may be even on another domain (that I control)). After the pop-up end it's magic it will contain this:
<!-- this is on http://parent.com:8888/popup.php -->
<html>
<script type="text/javascript">
window.opener.location.href = "http://parent.com/ow_yeah.php";
self.close();
</script>
</html>
Works on all browsers, except IE8 and Opera. In IE8 I still have to investigate, but the Opera is the one that bugs me. The error that it throws is this:
Uncaught exception: ReferenceError: Security error: attempted to write protected variable
Tried this but it didn't work. I also read across the internet that this is a cross-domain issue: a child window should never modify something on it's parent form another domain EXECPT the location of the parent. What I try to do is to change the location, but I still have problems. Any ideas ?
发布评论
评论(2)
同源策略在这里发挥作用。如果您查看图表,您会发现不同的端口被视为不同的域。
Same origin policy is in play here. If you look at the chart you will see that different ports are seen as different domains.
事实上,这是因为不同的港口被认为是不同的起源。我很惊讶您发现它仅在某些浏览器中失败,但我猜它们的安全策略可能有点不同。顺便说一句,你是否在任何地方设置了 document.domain ?
如果出于某种原因您确实需要使用来自不同来源的弹出窗口和父级进行此设置,则可能必须回退到使用 window.postMessage() 在它们之间进行通信。看
http://ejohn.org/blog/cross-window-messaging/(其示例有点过时,但对原理有很好的解释)和
http://www.whatwg.org /specs/web-apps/current-work/multipage/comms.html#web-messaging - 当前规范,带有可复制粘贴的示例代码。
Indeed, it's because a different port is considered a different origin. I'm surprised that you see it fail in only some browsers, but I guess their security policies may be a bit different. Do you set document.domain anywhere, BTW?
If you for some reason really need this setup with popup and parent from different origins, you may have to fall back to using window.postMessage() for communicating between them. See
http://ejohn.org/blog/cross-window-messaging/ (a bit outdated in its examples but a pretty good explanation of principles) and
http://www.whatwg.org/specs/web-apps/current-work/multipage/comms.html#web-messaging - the current spec, with copy-pasteable example code.