same-origin-policy

问题 I am trying to list the names of all the iframe s in a page, so I can access them through Selenium. The problem is that the name of the iframe changes each time, so I need to loop through all of them. I am getting: Uncaught DOMException: Blocked a frame with origin "http://localhost:8080" from accessing a cross-origin frame. error when I try to loop over them using: for (var f = 0; f < window.frames.length; f++) { console.log(window.frames[f].name) } Is there a way to get the name of the

问题 I want to develop JavaScript on my Windows machine. Do you know a browser where I can turn off Same Origin Policy so I can develop locally? Firefox would be optimal. Or if you know a proxy I could use for a SOAP/WSDL site it would be great too. I am trying to work with the JavaSCript SOAP Client. 回答1: UPDATE 6/2012: This used to work at the time of the writing, but obviously no more. Sorry. In Firefox (might apply to other Gecko-based browsers as well) you can use the following JavaScript

问题 I want to develop JavaScript on my Windows machine. Do you know a browser where I can turn off Same Origin Policy so I can develop locally? Firefox would be optimal. Or if you know a proxy I could use for a SOAP/WSDL site it would be great too. I am trying to work with the JavaSCript SOAP Client. 回答1: UPDATE 6/2012: This used to work at the time of the writing, but obviously no more. Sorry. In Firefox (might apply to other Gecko-based browsers as well) you can use the following JavaScript

问题 I need to request things and get information from other domains. I know javascript can not do this due to the same origin policy. My other option is to make proxy requests through my server. I do not want the requests coming from my server's IP nor do I want to create additional load for my server and would prefer the client do it. Is it possible to use a Java applet to do this? Manually configuring security settings is not an issue. 回答1: Java applets do implement the same origin policy, much

问题 I have a page where I need to dynamically create an iframe and stick it into a div on the page. I create the iframe like this: var frame = $('<iframe>') .attr('id', 'myIframe') .addClass('someClass') .appendTo($('#someDiv')); Depending on some condition, I need to either: A) set the iframe src to some other page OR B) dynamically add some HTML to the iframe. I have option A working fine, but option B is throwing security errors: if (someCondition) { // option A, works fine frame.attr('src',

问题 Let's say I have an HTML page, served up from example.com. It makes an javascript ajax request to targetServer.com Which server needs to return a Access-Control-Allow-Origin="(something)"? Is it the targetServer or the server that served up the original HTML page (i.e. example.com)? [I know this probably is obvious, but the docs on the web seem to imply the targetServer has to send and allow-origin header of "example.com" But if this is a security feature, wouldn't a malicious targetServer

问题 I would like to load an SVG into an object tag and access it's elements. Chrome does not allow this because of Same-Origin-Policy, even though I run this on a web server. The only workaround I could think of is uploading the image data to the server, saving it there as an image and then returning the url to this image. Run this snippet in Chrome and the console will show the error below it. <!DOCTYPE html> <html> <head> <script> window.onload = function() { var obj = document.querySelector('

问题 Let me provide some context first. I am working on a system that integrates with Microsoft SharePoint 2010, well not really SharePoint as a system but the virtual representation of it's filesystem, document libraries, etc... Users upload files to SharePoint, and my system monitors these files and indexes them into a search engine (including file content). User can interact with this system by means of REST interfaces. I have created a REST interface to fetch a file for the user corresponding

问题 The new Facebook Javascript SDK can let any website login as a Facebook user and fetch data of a user... So it will be, www.example.com including some Javascript from Facebook, but as I recall, that script is considered to be of the origin of www.example.com and cannot fetch data from facebook.com, because it is a violation of the "same origin policy". Isn't that correct? If so, how does the script fetch data? 回答1: From here: https://developer.mozilla.org/en/Same_origin_policy_for_JavaScript

问题 I have a page at an internal server, server1.mydomain.com/page.jsp and another page at a different internal server, 10.x.x.x:8081/page.aspx. On server1.mydomain.com, I set document.domain in page.jsp like this: //page.jsp on server1.mydomain.com document.domain = document.domain; When I issue an alert on document.domain, it comes up as server1.mydomain.com. On the 10.x.x.x server, I set document.domain in page.aspx, as a result, like this: //page.aspx on 10.x.x.x document.domain = "server1