跨域脚本在同一个域，不同的子域上 [英] Cross site scripting on the same domain, different sub domains

问题描述

我有一个iframe我正在使用第三方供应商托管的某些内容到我们的网站。我们正在尝试确定该内容的高度以调整iframe高度，但我收到了跨站点脚本错误。我不知道子域名算作跨站点。有没有办法解决这个问题而不必将它们保留在匹配的子域上？

I have an iframe I'm using to pull in some content hosted by a 3rd party vendor to our website. We are trying to determine the height of that content to adjust the iframe height but I'm getting cross site scripting errors. I wasn't aware that sub-domains count as a cross-site. Is there some way around this without having to keep them on matching sub-domains?

作为参考，我们的每周营销由闪存中的第三方供应商托管，但我们可以将子域重定向到他们，同时将用户保留在我们的域名中以获取cookie目的。

For reference, our weekly marketing is hosted by the 3rd party vendor in flash but with the sub-domain we can redirect to them while keeping the user on our domains for cookie purposes.

推荐答案

从您的某个子域中，您可以（有一些例外）将域设置为允许更广泛地访问其他子域相同的主域名。

From one of your subdomains, you can (with some exceptions) set the domain to allow broader access to other subdomains in the same main domain.

看一下这个页面：
http://www.tomhoppe.com/index.php/2008/03/cross-sub-domain-javascript- ajax-iframe-etc /

这篇关于跨域脚本在同一个域，不同的子域上的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！