The iframe is on test.com and sends a request to ca.test.com

I want to access the content:

    iframe = $('#deposit')
    iframe.contents()

Error:

    Uncaught DOMException: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "https://www.test.com" from accessing a cross-origin frame. (...)

Nginx settings:

    server {
        server_name test.com;
        add_header Access-Control-Allow-Origin ca.test.com; # < this is the needed header
        # rest of the configuration
    }

Where is the mistake?

    1 answer

    According to the description on Wikipedia, if a script that has the “origin” www.test.com (this name appears in the text of the error) tries to contact ca.test.com, then the server that serves ca.test.com must issue a “permission” for www.test.com, that is, return the access-control-allow-origin header containing the value www.test.com.

    And for greater reliability, you can include test.com in the header.

    I.e., the nginx configuration serving the site ca.test.com should look something like this:

        server {
            server_name ca.test.com;
            add_header 'Access-Control-Allow-Origin' 'test.com www.test.com';
            # rest of the configuration
        }

    Although, in fact, it is logical to add this header only if there is an Origin header in the request.

    • CORS is only for XHR requests. Access to the frame content is controlled by the ancient document.domain - Alexey Ten
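
Added example, not part of the question, answer or comment above: a simplified JavaScript model of the two separate browser checks discussed in this thread, the CORS header match that applies to XHR/fetch and the "same origin-domain" check that governs frame DOM access, including the legacy document.domain relaxation. The function names are hypothetical, and https for ca.test.com is an assumption.

```javascript
// Added illustration; function names are hypothetical, hostnames are from the thread.
// Assumption: ca.test.com is served over https like www.test.com.

// CORS (XHR/fetch only, non-credentialed): the header value must be "*" or
// exactly the serialized request origin (scheme://host[:port]).
// A bare host or a space-separated list never matches.
function acaoPermits(headerValue, requestOrigin) {
  return headerValue === '*' || headerValue === requestOrigin;
}

// A document may only set document.domain to its own host or a parent suffix.
// Simplification: the public-suffix restriction is not modelled.
function validDomain(url, domain) {
  const host = new URL(url).hostname;
  return host === domain || host.endsWith('.' + domain);
}

// Frame DOM access uses "same origin-domain", not CORS headers.
// doc = { url, domain }, where domain is what the page assigned to
// document.domain, or undefined if it never assigned it.
function frameAccessAllowed(parent, frame) {
  const p = new URL(parent.url), f = new URL(frame.url);
  const pSet = parent.domain != null, fSet = frame.domain != null;
  if (!pSet && !fSet) return p.origin === f.origin;
  if (pSet && fSet) {
    return validDomain(parent.url, parent.domain) &&
           validDomain(frame.url, frame.domain) &&
           p.protocol === f.protocol && parent.domain === frame.domain;
  }
  return false; // only one side opted in
}

function demo() {
  const origin = 'https://www.test.com';
  const top = 'https://www.test.com/', child = 'https://ca.test.com/';
  return {
    questionHeader: acaoPermits('ca.test.com', origin),
    answerHeader: acaoPermits('test.com www.test.com', origin),
    exactOrigin: acaoPermits('https://www.test.com', origin),
    frameDefault: frameAccessAllowed({ url: top }, { url: child }),
    frameOneSided: frameAccessAllowed({ url: top, domain: 'test.com' }, { url: child }),
    frameBothOptIn: frameAccessAllowed({ url: top, domain: 'test.com' },
                                       { url: child, domain: 'test.com' }),
  };
}

console.log(demo());
```

The document.domain setter is deprecated in the HTML standard, so the opt-in case describes legacy behaviour rather than something to build on.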