Same origin policy - Subdomains and Root Domain


Problem description


I have a question regarding the same-origin policy.

My company has many subdomains and in one of them they would like an iframe with another subdomain inside of it and populate the form of the iframe.

I have read about the document.domain property and that I would need to set it on all three domains, however I cannot easily test this due to each subdomain belonging to a different department. So here is my question:

Is this possible when the subdomains are both https, and the root domain is not? I looked at the examples on Wikipedia, but that didn't help me. Any help would be greatly appreciated.

Example:

https://x.company.org
https://y.company.org
http://company.org

x.company.org will have a page with an iframe of y.company.org which has a form that we would like to auto populate.

Solution

The things that define a domain in this context are protocol, port and domain so http://abc.com and https://abc.com are considered different domains by your browser (http vs https).

http://en.wikipedia.org/wiki/Same_origin_policy#Origin_determination_rules

https://x.company.org and https://y.company.org are also considered separate domains but they can both relax their domain setting to https://company.org and cross-communicate.

http://en.wikipedia.org/wiki/Same_origin_policy#document.domain_property

There's another option available to you now as HTML5 is in all the major browsers. Using the HTML5 postMessage you can communicate across domains, assuming the receiving domain wants to accept the message and respond.

http://html5demos.com/postmessage2
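
The postMessage option from the answer above, sketched for the origins in the question. This is an added example, not code from the original post; the field names `name` and `email`, the `prefill` message shape and the function names are assumptions.

```javascript
// Added example: origins are the ones from the question, everything else is hypothetical.
const PARENT_ORIGIN = "https://x.company.org"; // page that embeds the iframe
const FRAME_ORIGIN = "https://y.company.org";  // page that owns the form
const ALLOWED_FIELDS = new Set(["name", "email"]); // hypothetical form fields

// Parent side (x.company.org): send values to the iframe only.
// The explicit targetOrigin makes the browser drop the message if the
// frame currently holds a document from any origin other than FRAME_ORIGIN.
function sendPrefill(frameWindow, values) {
  frameWindow.postMessage({ type: "prefill", values }, FRAME_ORIGIN);
}

// Frame side (y.company.org): apply only expected fields from the expected sender.
// Returns the list of field names that were filled.
function handlePrefill(event, fields) {
  // Exact match on scheme + host + port; no substring or suffix tests.
  if (event.origin !== PARENT_ORIGIN) return [];
  const msg = event.data;
  if (!msg || msg.type !== "prefill" || typeof msg.values !== "object" || msg.values === null) return [];
  const filled = [];
  for (const [key, value] of Object.entries(msg.values)) {
    if (!ALLOWED_FIELDS.has(key) || typeof value !== "string" || !fields[key]) continue;
    fields[key].value = value; // assigned as text, never as HTML
    filled.push(key);
  }
  return filled;
}

// Browser wiring for the frame page; skipped when run outside a browser.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  window.addEventListener("message", (event) => {
    const form = document.forms[0];
    if (form) handlePrefill(event, form.elements);
  });
}

// Constructed events: the trusted parent, the http root domain,
// the http variant of the parent, and a lookalike host.
function demo() {
  const data = { type: "prefill", values: { name: "Ada", email: "ada@company.org", role: "admin" } };
  const results = {};
  for (const origin of [PARENT_ORIGIN, "http://company.org", "http://x.company.org",
                        "https://x.company.org.lookalike.example"]) {
    const fields = { name: { value: "" }, email: { value: "" }, role: { value: "" } };
    results[origin] = handlePrefill({ origin, data }, fields);
  }
  return results;
}
```

Only the message from `https://x.company.org` fills the form, and even then the `role` key is ignored because it is not on the frame's allowlist.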
