简体繁体 English

Javascript HTTPS-Frame对父HTTP-Frame的访问

[英]Javascript HTTPS-Frame Access to Parent HTTP-Frame

原文 2012-08-03 13:24:52 2 1 javascript/ html/ cross-domain/ xss/ same-origin-policy

How can an IFRAME with URL https://domain/ access the DOM of the parent frame which has URL http://domain/ (HTTPS calls HTTP)? 具有URL https://domain/的IFRAME如何访问具有URL http://domain/的父框架的DOM（HTTPS称为HTTP）？

Both frames will cooperate. 两个框架将合作。 The domain is the same in both frames, just the protocol is different . 两个帧中的域都相同，只是协议不同 。 Setting document.domain is not allowed as that would allow for XSS attacks coming from other untrusted frames. 不允许设置document.domain因为那样将允许来自其他不受信任框架的XSS攻击。

As an alternative to accessing the DOM it would be enough to send a message (containing a single integer). 作为访问DOM的替代方法，发送一条消息（包含一个整数）就足够了。 Notice, that the postMessage API only works in IE8+. 请注意， postMessage API仅在IE8 +中有效。 I need IE6+ . 我需要IE6 + 。

1 个解决方案

Is easyXDM an option. 是easyXDM的一个选项。 It supports postMessage for browsers with support, and falls back to other mechanisms for older browsers. 它支持带有支持的浏览器的postMessage，并回退到旧版本浏览器的其他机制。 Some of the mechanisms are a bit hacky but they work. 其中一些机制有些棘手，但可以起作用。

But why do you want to have a secure iframe on an insecure page? 但是，为什么要在不安全的页面上放置安全的iframe？

允许HTTP iFrame在HTTPS父框架上调用JavaScript - Allowing HTTP iFrame to call JavaScript on HTTPS parent frame

请求访问的帧的协议为“ https”，正在访问的帧的协议为“ http”。协议必须匹配 - The frame requesting access has a protocol of “https”, the frame being accessed has a protocol of “http”. Protocols must match

Google资料库错误：请求访问的框架具有“https”协议，正在访问的框架具有“http”协议 - Google wallet error: The frame requesting access has a protocol of “https”, the frame being accessed has a protocol of “http”

请求访问的框架的协议为“ https”，正在访问的框架的协议为“ http” - The frame requesting access has a protocol of 'https', the frame being accessed has a protocol of 'http' for Linkedin

父框架如何访问子框架窗口？ - How parent frame access child frame window?

将HTTP框架嵌入HTTPS父级时防止混合内容错误 - Prevent mixed content error when embedding HTTP frame inside an HTTPS parent

不安全的JavaScript尝试访问框架 - Unsafe JavaScript attempt to access frame

不安全的JavaScript尝试通过框架访问 - Unsafe JavaScript attempt to access with frame

Javascript-获取框架中的元素与根父框架的协调 - Javascript - Get the coordination of element in frame to root parent frame

在父框架中打开iframe页面（javascript） - Open iframe page in parent frame (javascript)

暂无

暂无

声明:本站的技术帖子网页，遵循CC BY-SA 4.0协议，如果您需要转载，请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 允许HTTP iFrame在HTTPS父框架上调用JavaScript - Allowing HTTP iFrame to call JavaScript on HTTPS parent frame 请求访问的帧的协议为“ https”，正在访问的帧的协议为“ http”。协议必须匹配 - The frame requesting access has a protocol of “https”, the frame being accessed has a protocol of “http”. Protocols must match Google资料库错误：请求访问的框架具有“https”协议，正在访问的框架具有“http”协议 - Google wallet error: The frame requesting access has a protocol of “https”, the frame being accessed has a protocol of “http” 请求访问的框架的协议为“ https”，正在访问的框架的协议为“ http” - The frame requesting access has a protocol of 'https', the frame being accessed has a protocol of 'http' for Linkedin 父框架如何访问子框架窗口？ - How parent frame access child frame window? 将HTTP框架嵌入HTTPS父级时防止混合内容错误 - Prevent mixed content error when embedding HTTP frame inside an HTTPS parent 不安全的JavaScript尝试访问框架 - Unsafe JavaScript attempt to access frame 不安全的JavaScript尝试通过框架访问 - Unsafe JavaScript attempt to access with frame Javascript-获取框架中的元素与根父框架的协调 - Javascript - Get the coordination of element in frame to root parent frame 在父框架中打开iframe页面（javascript） - Open iframe page in parent frame (javascript)

相关标签

粤ICP备18138465号 © 2020-2024 STACKOOM.COM