iframe跨域访问 [英] iframe cross-domain access
问题描述
我有一个HTML页面,其中包含来自不属于我的跨域的iframe。
I have an HTML page with an iframe included from a cross domain that doesn't belong to me.
我需要在iframe中进行一些基本的javascript修改(写入值并启动一个事件 - >表单处理)。
I need to do some basic javascript modifications in the iframe (write value and fire up an event -> form processing).
由于原始政策相同,我不允许这样做。但是,我需要这样做,所以我正在寻找一种解决方法。
Because of the same origin policy I'm not allowed to do this. However, I need to do it, so I'm searching for a workaround.
解决方案对我自己运行脚本非常重要。如果它在一个浏览器中工作并且我不需要自己的安全就足够了。
The solution is just important that I can run a script for myself. It is enough if it works in one browser and I don't need security for myself.
在我的研究中,我找到了许多方法来打破相同的原始政策比如document.location(在FF中只有相似的位置),JSONP / sendMessage(我需要成为两个域的所有者)等等,没有任何东西适用于不属于我的页面的iframe。
On my research I have found a lot of ways to break the same origin policy like document.location (in FF only with similar locations), JSONP/sendMessage (I need to be the owner of both domains) and so on, nothing that works with an iframe of a page that doesn't belong to me.
推荐答案
唯一的解决方法,如果你不能建立另一个网站包含相关的CORS标题,用于获取iframe内容服务器端并将其作为来自您自己域的服务。
The only "workaround", if you can't make the other site include the relevant CORS headers, would be to fetch the iframe content server side and serve it as coming from your own domain.
没有更简单的解决方法的原因是因为有这个同源政策:保护用户。
The reason there isn't simpler workaround is due to why there is this same origin policy : to protect users.
这篇关于iframe跨域访问的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
