Using <Iframe> for cross-domain communication

Source: Internet
Author: User
Tags subdomain

What is an IFRAME

IFrame is our usual iframe tag:<iframe>. IFRAME tags are a form of the framework, also more commonly used, the IFRAME is generally used to include other pages, such as we can load other sites on our own website or other pages of the site content.

There are many uses of iframe , so let's say one of the more useful uses of IFRAME----cross-domain communication

Suppose that there are two systems a,b:a a certain page of the system is a part of the display of the content is B system, how to do?

<div class= "Modal-body" id= "Housekeeperbody" >

<iframe src= "" name= "OpenartDialog14577934462321" frameborder= "0 "Allowtransparency=" true "style=" width:900px; height:565px; border:0px none; " >

This is the page you want to load.


Here the core property of the IFRAME is "src" it represents the page you want to refer to a request (here the SRC is actually a request to the B system, B will return you an HTML, if the B system is another responsible, then about the other side of the request you do not have to care about). Like other HTML tags, it has some other properties, such as the Name,height,style of the column, and so on.

There is a problem reading here.

JavaScript is not allowed to invoke objects of other pages across domains for security reasons. But the security restrictions also bring a lot of trouble to inject IFRAME or AJAX applications. Here are some simple things to sort out about cross-domain issues:

First what is cross-domain, simple to understand is because of the JavaScript homologous policy limitations, domain name JS can not operate B.Com or under the domain name of the object. A more detailed explanation can be seen in the following table:


Description whether to allow communication /b.js
under the same domain name allow
different folders under the same domain name allow
Same Domain name, different port does not allow
same domain name, different protocol not allowed
domain name and domain name corresponding IP not allowed
HT Tp://
primary domain same, subdomain different not allowed
http://www.a.c Om/a.js
same domain name, different level two domain name (ibid.) not allowed (cookies are not allowed in this case)
different domain names do not allow

First, if it is a cross-domain problem caused by protocol and port "front desk" is powerless,

Second: On a cross-domain issue, the domain is only identified by the "header of the URL" and does not attempt to determine whether the same IP address corresponds to two domains or two domains on the same IP.
The "header of the url" refers to Window.location.protocol, which can also be understood as "Domains, protocols and ports must match".

My solution is: document.domain+iframe settings

for examples where the primary domain is the same and the subdomain is different, it can be resolved by setting the Document.domain method . Specifically, the and two files can be added document.domain = ' ' And then create an IFRAME in the a.html file to control the contentdocument of the IFRAME so that the two JS files can "interact" with each other.

Using <Iframe> for cross-domain communication

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.