Okay, I have a page on and on this page I have an iframe. What I need to do is on the iframe page, find out what the URL of the main page is.
I have searched around and I know that this is not possible if my iframe page is on a different domain, as that is cross-site scripting. But everywhere I've read says that if the iframe page is on the same domain as the parent page, it should work if I do for instance:
parent.document.location
parent.window.document.location
parent.window.location
parent.document.location.href
... or other similar combos, as there seems to be multiple ways to get the same info.
Anyways, so here's the problem. My iframe is on the same domain as the main page, but it is not on the same SUB domain. So for instance I have
http:// www.mysite.com/pageA.html
and then my iframe URL is
http:// qa-www.mysite.com/pageB.html
When I try to grab the URL from pageB.html
(the iframe page), I keep getting the same access denied error. So it appears that even sub-domains count as cross-site scripting, is that correct, or am I doing something wrong?
Yes, accessing parent page's URL is not allowed if the iframe and the main page are not in the same (sub)domain. However, if you just need the URL of the main page (i.e. the browser URL), you can try this:
var url = (window.location != window.parent.location)
? document.referrer
: document.location.href;
Note:
window.parent.location
is allowed; it avoids the security error in the OP, which is caused by accessing the href
property: window.parent.location.href
causes "Blocked a frame with origin..."
document.referrer
refers to "the URI of the page that linked to this page." This may not return the containing document if some other source is what determined the iframe
location, for example:
document.referrer
will be Domain 3, not the containing Domain 1document.location
refers to "a Location object, which contains information about the URL of the document"; presumably the current document, that is, the iframe currently open. When window.location === window.parent.location
, then the iframe's href
is the same as the containing parent's href
.