stackoom
  简体   繁体   中英

Making AJAX calls from inside of an iframe with different domain

 原文  2011-08-25 00:23:18       javascript/ html/ dom/ iframe

Question

Is it possible to do AJAX calls from inside an iframe that has a different domain source?

I've tried script injection but it doesn't work because the iframe's source is secure. I made a simple fiddle with California DMV website here .

I'm getting DOM exception 8 error. Is it a security issue?

2 answers

solution1
 3 ACCPTED  2011-08-25 00:28:58

It is not possible to modify or make JS calls in an iframe with a different domain source. This is restricted in all browsers for security reasons.

See the " Same Origin Policy " for a description of how inter frame security works. In a nutshell, there is very little communication allowed between frames on a different domain for security reasons. You cannot make any direct Javascript calls between frames on different domains.

There is a way to make cross domain ajax calls and it involves using JSONP . Basically, you inject a script tag into your own frame and that script tag points to server endpoint anywhere on the web. Since the src value of a script tag is not restricted by the same origin policy, you can reach that server. But, now you need to have a way to get that result back. That is done using JSONP where you specify in your server request a javascript function that you want the returned javascript to call. That returned javascript can have javascript data in it that is then passed to the desired function. JSONP requires cooperation between both client code and the server code since a normal ajax call might not support the extra part of JSONP. But, with this cooperation of both sides, you can get around the same origin policy for server endpoints that support JSONP.

HTML5 has a new messaging system that can safely communicate data (not direct JS calls) between cooperating frames in different domains. See here and here for a description of how the HTML5 messaging works.

solution2
 1  2011-08-25 00:33:49

Yes it's a security issue because of the Same Origin Policy enforced by most browsers: http://en.wikipedia.org/wiki/Same_origin_policy .

You can look into JSONP http://niryariv.wordpress.com/2009/05/05/jsonp-quickly/ which is specifically designed to get around this.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Making AJAX calls from subdomain to main domain with relative paths manipulate iframe from a different domain inject script inside iframe of different domain Making cross domain jquery ajax calls to Restful webservice? Prevent chrome extension from making ajax calls Send AJAX calls from main domain to subdomain How to style inside an iframe from an external domain? reset forms inside an iframe from same domain Get container domain from inside the Iframe js AJAX calls in IFRAME
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM