SECURITY_ERR: DOM Exception 18 when applying document.domain on both sites. How do I resolve this?

user717236 picture user717236 · Apr 5, 2012 · Viewed 18.8k times · Source

I have a page at an internal server, server1.mydomain.com/page.jsp and another page at a different internal server, 10.x.x.x:8081/page.aspx.

On server1.mydomain.com, I set document.domain in page.jsp like this:

//page.jsp on server1.mydomain.com
document.domain = document.domain;

When I issue an alert on document.domain, it comes up as server1.mydomain.com.

On the 10.x.x.x server, I set document.domain in page.aspx, as a result, like this:

//page.aspx on 10.x.x.x
document.domain = "server1.mydomain.com";
// test if same-origin policy violation occurs
document.getElementById("div_el").innerHTML = window.top.location.href;

In Safari 5.1.5, an error pops up on the console:

SECURITY_ERR: DOM Exception 18: An attempt was made to break through the security policy of the user agent."

From what I understand, when you set document.domain, the port number is set to null; so, you have to set it on both ends, which I did. Then, this error occurs and I'm scratching my head why. Does this have anything to do with the fact I'm using 10.x.x.x and not an actual domain name?

Thank you.

Answer

user1106925 picture user1106925 · Apr 5, 2012

You can only use document.domain to change from a more specific sub domain to a less specific domain. Like...

console.log(document.domain); // server1.mydomain.com

document.domain = 'mydomain.com'

console.log(document.domain); // mydomain.com

It can't be used to set to a more specific sub domain or to an entirely different domain.