Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Cross-Domain Iframe source--how is is checked?

Status
Not open for further replies.
jsteph

jsteph

Technical User
Oct 24, 2002
2,562
US
I understand that one can't have an Iframe's source from a different domain as the parent page. My question is--is this checked against the URL or does the checking mechanism first resolve down to the IP address and check that?

For instance, on an intranet, would an iframe source of:
be ok if the user was on the main page of:
(assuming companyname.com is the fully qualified path of 'servername')

Thanks,
--Jim
 
Sort by date Sort by votes
Are you saying that a page with a different domain name can't load into an iframe? I just checked a site where I used that and the page works fine. It's a real estate agent's site where a search feature is hosted with a completely different domain, and it's loaded in an iframe on her site.

Lee
 
Upvote 0 Downvote
I'm not sure I've got the terminoligy right, but I'd always heard that it was built into the lowest level of the 'specs' for html, or browsers, or whatever, that you couldn't have the .source of an Iframe be anything not on the same domain.

I know that there's some setting in IE Security preferences that says 'Access data sources across domains'. I'm not sure if that's the same thing.

Anyway, the bottom line is that I changed a bunch of peoples shortcuts for one of our intranet websites to include the fully qualified server.domain/page. Now some of them--not all--get the 'Error On Page', and the details say 'Permission Denied'. The line # referenced is an xmlhttp object's Get method in javascript, which has a url as an argument. The url is in the same domain, but does not have the fully qualified name, though it always worked fine before.
--Jim
 
Upvote 0 Downvote
As far as I know (limited experience writing pages with that, but I've seen a few dozen like that on other sites), you can pretty much use any URL in a frame whether it's in the top domain or not. It could well be that a security setting in the browser would limit that. What I referred to uses a src="" in the frame tag, not AJAX to get the frame contents.

Lee
 
Upvote 0 Downvote
You can have an iframe showing the contents of a page from another domain, but you cannot programatically access those contents.

Cheers,
Dian
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

SamBones
  • Locked
  • Question
Chrome Issue with Third Party App
Replies
0
Views
194
SamBones
SamBones
Sebastian42
  • Locked
  • Question
Firefox library is blank and just an icon
Replies
2
Views
141
Sebastian42
Sebastian42
Tedwhite
  • Locked
  • Question
How To Fix Firefox Freezing Issue In Windows 10?
Replies
2
Views
226
Tedwhite
Tedwhite
max8699
  • Locked
  • Question
Cannot open chrome if an Office 365 program is running
Replies
0
Views
115
max8699
max8699
MBTC
  • Locked
  • Question
Chrome Issue
Replies
3
Views
155
MarkSweetland
MarkSweetland

Part and Inventory Search

Sponsor

Back
Top