从Iframe调用父窗口方法(不同) [英] Calling parent window method from Iframe (different)
问题描述
我在域名中有一个页面:
I have a page on a domain:
http://main.mydomain.com/frame.cfm ,其中包含iframe,
加载域 http://www.anotherdomain.com 。
http://main.mydomain.com/frame.cfm which holds an iframe, loading a domain http://www.anotherdomain.com.
此页 http://www.anotherdomain.com 有一个脚本参考 http:// sub.mydomain.com/somescript.js
此somescript是一个跟踪脚本,如google Analytics,它随www.anotherdomain.com的每个请求一起加载。
This somescript is a tracking script like google Analytics, which loads with each request of www.anotherdomain.com.
在某个阶段,脚本 http:/ www.anotherdomain.com页面中的/sub.mydomain.com/somescript.js 将尝试调用 window.top.aFunction();或者parent.aFunction();
At a certain stage, the script http://sub.mydomain.com/somescript.js in the page www.anotherdomain.com will try to call window.top.aFunction(); or parent.aFunction();
使父窗口做某事。
我知道X-Frame-Options和Access-Control-Allow-Origin标题并尝试了两者,但是当我在www.anotherdomain.com上浏览我的iframe时,我在Firebug中收到一条错误消息告诉我:
I know about the X-Frame-Options and the Access-Control-Allow-Origin header and tried both, but still when I browse in my iframe on www.anotherdomain.com I get a error message in Firebug telling me:
Error: Permission denied to access property 'relocate'window.top.aFunction();
在main.domain网站上的web.config中,我有以下规则:
In my web.config on the main.domain site i have the following rules:
<httpProtocol>
<customHeaders>
<add name="Access-Control-Allow-Origin" value="http://sub.mydomain.com" />
<add name="X-Frame-Options" value="ALLOW-FROM http://sub.mydomain.com" />
</customHeaders>
</httpProtocol>
我认为应该授予sub.mydomain.com访问main.mydomain脚本的权限。 com。
Which in my opinion should grant the sub.mydomain.com access to the script on main.mydomain.com.
我正在测试除了本地电脑上的www.anotherdomain.com以外的所有域名,并附有主机参考。
I am testing this with all the domains except the www.anotherdomain.com locally on my pc with host reference in place.
知道我在这里缺少什么吗?
Any idea what I am missing here?
推荐答案
你无法访问父窗口函数的方法通过跨域iFrame。这违反了同源政策。 X-Frame
http标头响应告诉浏览器是否允许在iFrame中呈现页面并且对您的情况没有帮助。
You can't access the parent window function's methods through a cross domain iFrame. It goes against the Same Origin Policy . The X-Frame
http header response tells the browser whether it is allowed to render a page in the iFrame and does not help your situation.
我建议的解决方案是使用 window.postMessage()
在两个帧之间进行通信。请查看 http://ejohn.org/blog/cross-window-messaging/
The solution I recommend is to use window.postMessage()
to communicate between the two frames. Look at http://ejohn.org/blog/cross-window-messaging/
这篇关于从Iframe调用父窗口方法(不同)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!