来自同一域的 iframe 和跨浏览器脚本
假设从 foo.bar.com/parent.htm 提供的页面包含指向 bar.com/child.htm 的 iframe。
位于parent.htm 中的脚本可以调用child.htm 中定义的函数吗?
看起来这应该可行,因为parent.htm和child.htm都来自同一个域。我收到访问被拒绝的消息,但我想知道为什么?
谢谢, 约翰
Say a page served from foo.bar.com/parent.htm contains an iframe that points to bar.com/child.htm.
Can a script located in parent.htm call a function defined in child.htm?
Seems like this should work because parent.htm and child.htm both eminate from the same domain. I am getting an access denied message, but I would like to know why?
Thanks,
John
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
否。看看维基百科,例如:http://en.wikipedia.org/wiki/Same_origin_policy。
No. Look at Wikipedia, for example: http://en.wikipedia.org/wiki/Same_origin_policy.
从浏览器的角度来看,它们不被视为同一域
They are not considered the same domain from the browser's standpoint
这是设计使然。为不同客户端使用子域的托管服务需要安全地隔离它们。
This is by design. Hosting services that use subdomains for different clients need to isolate them safely.
是的,在两个页面中设置
document.domain = 'bar.com',就可以跨框架访问数据了。这只适用于同一个域,例如您不能将document.domain设置为“not-the-current-domain.com”或者我通常做的事情:
设置
document.domain到当前根域(例如删除任何子域)Yes, set
document.domain = 'bar.com'in both pages and you can then access data cross-frame. This only works on the same domain, e.g. you can't setdocument.domainto "not-the-current-domain.com"Or what I usually do:
which sets
document.domainto the current root domain (e.g. strips any sub-domains)