Change window location href in subdomain iframe - javascript

I have a.example.com and b.example.com;
When I put b.example.com/foo as iframe in a.example.com:
<iframe src='b.example.com/foo'></iframe>`
the window.location.href value accessible from b.example.com is ... a.example.com/foo (??)...
The problem is - I use an external library in b.example.com/foo that checks for window.location.href and it gets incorrect information.
For this scenario it appears to me that I should iframe /foo content on a completely different domain like:
anotherexample.com/foo, where the window.location.href would actually point to anotherexample.com/foo.
How can I force window object in iframe to actually use its subdomain instead of parent domain with added parameter?

Are you sure you are using your script in the right subdomain? it seems your external library is accessing parent window using window.parent.location, here is a code to check if a page is loaded directly or within another page:
var is_loaded_directly = (window.location == window.parent.location);
Since this code works, something is wrong on your setup or library.
Note: maybe you can solve your issue by checking document.location instead of window.location.

Related

Can I get the current URL without an address bar?

I use the code below to get the current url, and the hash ID it has after the forward slash for my domain. I would like to get the current URL of a page loaded in an iframe which means there's no address bar of course. How would I go about doing this?
the code I'm using now:
var currentURL = (document.URL);
var part = currentURL.split("SLASH")[1];
alert(part); // alerts "XdAs2" !!!
For security reasons, you can only get the url for as long as the contents of the iframe, and the referencing javascript, are served from the same domain. As long as that is true, something like this will work:
document.getElementById("iframe_id").contentWindow.location.href
If the two domains are mismatched, you'll run into cross site reference scripting security restrictions.
if it's an iframe using jquery you can do
$('iframe').attr('src')
example :
http://jsfiddle.net/aFX8b/
The current URL is always in window.location, be it inside an iframe or in the root frame of the browser. The window object always refers to the current viewport.
Demonstration.

Redirecting from a page when not accessed via an iframe without using JavaScript?

I need to redirect users if they try and access certain pages directly, i.e. not via the iframe I've provided. This is to stop them accessing other users' areas.
All the solutions I've found (which work, btw) use JavaScript - the current working script I have is
if (top == self) {
var newURL = 'http://www.exampleurlhere.co.uk/'
window.setTimeout('GotoIndex()',0);
}
function GotoIndex() { top.location.href = newURL; }
However, this will of course only work if the user has JavaScript enabled, which kind of scuppers me. Is there a way to achieve this server-side? I'm using aspx.
Thanks, Oli.
You can't check it severside as IFrame requests (in general) are no different from any other HTTP request. You can however use a GET parameter to indicate this is an IFrame
<iframe src="mypage?iframe=yes"></iframe>
Obviously this solution will only work if you're in control of the code that contains the IFrame, otherwise there is no way to do it server-side.

Update URL from inside an iFrame

is it possible for javascript inside an iFrame to update the URL (hash) of the parent page (and retrieve it)
Does it have any permissions?
To further explain, I have no hosting for this domain, I can only set up an Iframe. I also cannot use a DNS config to get that page to display because of limitations of my hoster.
I also cannot transfer the domain to them to make that work because my clients wants to keep control of the domain.
Thank you for your help!
If the <iframe> page is within the same domain, probably yes. Otherwise you don't get access to the parent page due to cross-domain restrictions.
You can change the URL of the parent page though:
top.location.href = 'http://www.example.com';
due to security constraints you will not be able to access properties of the parent window IF the domain,port or protocol is different than the one in the iframe.
To be short, the answer is NO.
Your script works only inside the context of that iframe.
If you try for example,
var loc = document.location;
you will see what I mean.
One solution is that when you give the other side your iframe, you should add a script in witch you can do whatever you want, because it runs on their domain.
Maybe dynamically create the source of your iframe and stuff.

Javascript cross domain problem

Our website gives a widget to be installed in pages (a piece of Javascript that writes an iframe element and inside it renders things and you see rss, images, and other stuff).
I need, after the user do some stuff, to redirect the page (where the widget is) to another location, but using top.document.location is forbidden since the page and the iframe generated by the widget are in different location, and using window.open is usually blocked by popup blockers.
How can i do it ?
Try:
window.location.href = "url";
Although reading properties from the top window is disallowed, some of them are open to writing - and one of these are location.
Simply do
top.location = "http://foo/bar";
and it will redirect just fine.

get parent.location.url - iframe - from child to parent

I got a page that is displayed within an iframe.
I need to get the parent.location.url with js from that page (child page).
Both sites are in different domains.
I'm trying:
alert(parent.location.url)
But I get this error:
Permission denied for http://parentdomain to get property Location.URL from http://childdomain.
???? Is it possible?
try this:
var referrer = document.referrer;
alert(referrer);
What you're trying to do isn't possible per se. Unless you have control over the parent page's calling of the child page. If you do, then you can call the child page with a get statement in the URL of the parent page. So if you parent page is http://parentpage.com then here's how you should call the iFrame.
<iframe src='http://childpage.com/?parent=http://parentpage.com' />
Then all you have to do in the child page to get the reference is get the string with
window.location.search //not sure of browser compatibility with this
and extract the parent page's URL by grabbing it out of that string. I'd give more details, but I'm not even sure about the first question I had.
Have you tried something like:
alert(window.top.location.href);
You'll be able to find it like this, and all browsers should be able to support it:
query = window.parent.location.search.substring(1);
You shouldn't get permission errors with this, but I may be wrong.
It will only work if the parent page and the iframe are on the same domain. If they are not on the same domain you can try passing the location through the src, like Madison Williams suggested.
That is probably why you are getting "Permission denied..."
Use postMessage to pass data back and forth between the windows. It's a little klunky, but required when having windows communicate across origins.
Try:
var pathname = window.parent.location.href
alert(window.top.location.href);
This works fine. To get the source URL from child (iframe) to parent.

Categories