重定向后是否可以找到跨域 iframe 的新 URL? [英] Is it possible to find a cross-domain iframe's new URL after a redirect?
问题描述
我正在尝试发布到我网站的另一个子域上的应用程序的登录表单.这是我无权访问源代码的第三方应用.
I'm trying to post to the login form of an application on another subdomain of my site. It's a third party app that I don't have source access to.
我知道您无法访问跨域 iframe 的大多数功能,因为同源策略.然而,我需要访问的只是在 iframe 中被重定向到(通过 JavaScript)的 URL.它有一个我想传递的会话令牌.
I know that you can't access most features of a cross-domain iframe because of same origin policy. All I need to access, however, is the URL that's been redirected to (via JavaScript) within the iframe. It has a session token that I want to pass through.
这似乎足够安全,可以被允许,但我还没有找到办法做到这一点.我正在使用 jQuery,并且尝试过 $('iframe').contents(),但我似乎对该对象根本没有权限.我还检查了 $('iframe').attr('src'),但它仍然是重定向前的 URL.还有别的办法吗?
That seems like something that might be safe enough to be allowed, but I haven't found a way to do it yet. I'm using jQuery, and I've tried $('iframe').contents(), but I seem to have no permissions at all on that object. I've also checked $('iframe').attr('src'), but it remains as the pre-redirect URL. Is there another way?
推荐答案
不,您无权访问 iframe 中的任何属性.您只能访问外部定位和样式属性.
No, you don't have access to any properties within an iframe. You only have access to the outer positioning and styling properties.
这就是框架使用起来如此痛苦的原因.我通常只在我不关心它们内部做了什么时才使用它们.
This is why frames are such a pain to work with. I usually only use them if I don't care what is done within them.
不能做服务器端认证和令牌传递吗?除了让客户端进行身份验证之外,您不能在您的服务器上进行身份验证吗?您可能需要做一些额外的工作来创建 HTTP 请求并解析响应,但可以避免任何 iframe 问题.
Can you not do a server-side authentication and token passing? Instead of having the client do the authentication, can you not do that on your server? You may need to do some extra work to create the HTTP request and parse the response, but you avoid any iframe issues.
最重要的是,对于身份验证等重要事项,iframe 可能不是最好的依赖(尤其是在跨浏览器功能方面).
Bottom line is iframes probably aren't the best to rely on(especially when it comes to cross-browser functionality) for important things like authentication.
这篇关于重定向后是否可以找到跨域 iframe 的新 URL?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
