Access parent URL from iframe

Question

Okay  I have a page on and on this page I have an iframe   What I need to do is on the iframe page  find out what the URL of the main page is    I have searched around and I know that this is not possible if my iframe page is on a different domain  as that is cross-site scripting  But everywhere I ve read says that if the iframe page is on the same domain as the parent page  it should work if I do for instance   parent document location     parent window document location     parent window location     parent document location href       or other similar combos  as there seems to be multiple ways to get the same info    Anyways  so here s the problem   My iframe is on the same domain as the main page  but it is not on the same SUB domain   So for instance I have     http    www mysite com pageA html   and then my iframe URL is      http    qa-www mysite com pageB html   When I try to grab the URL from pageB html  the iframe page   I keep getting the same access denied error   So it appears that even sub-domains count as cross-site scripting  is that correct  or am I doing something wrong

User · Answer

This worked for me to access the iframe src url   window document URL

User · Answer

I know his is super old but it blows my mind no one recommended just passing cookies from one domain to the other  As you are using subdomains you can share cookies from a base domain to all subdomains just by setting cookies to the url  basedomain com   Then you can share whatever data you need through the cookies

User · Answer

I just discovered a workaround for this problem that is so simple  and yet I haven t found any discussions anywhere that mention it   It does require control of the parent frame   In your iFrame  say you want this iframe  src  http   www example com mypage php   Well  instead of HTML to specify the iframe  use a javascript to build the HTML for your iframe  get the parent url through javascript  at build time   and send it as a url GET parameter in the querystring of your src target  like so    lt script type  text javascript  gt    url   parent document URL    document write   lt iframe src  http   example com mydata page php url     url      gt  lt  iframe gt      lt  script gt    Then  find yourself a javascript url parsing function that parses the url string to get the url variable you are after  in this case it s  url    I found a great url string parser here  http   www netlobo com url query string javascript html

User · Answer

I couldnt get previous solution to work but I found out that if I set the iframe scr with for example http otherdomain com page htm from thisdomain com thisfolder then I could  in the iframe extract thisdomain com thisfolder by using following javascript   var myString   document location toString    var mySplitResult   myString split       fromString   mySplitResult 1

User · Answer

For pages on the same domain and different subdomain  you can set the document domain property via javascript   Both the parent frame and the iframe need to set their document domain to something that is common betweeen them   i e  www foo mydomain com and api foo mydomain com could each use either foo mydomain com or just mydomain com and be compatible  no  you can t set them both to com  for security reasons      also  note that document domain is a one way street   Consider running the following three statements in order      assume we re starting at www foo mydomain com document domain    foo mydomain com     works document domain    mydomain com     works document domain    foo mydomain com     throws a security exception   Modern browsers can also use window postMessage to talk across origins  but it won t work in IE6  https   developer mozilla org en DOM window postMessage

User · Answer

You re correct  Subdomains are still considered separate domains when using iframes  It s possible to pass messages using postMessage       but other JS APIs are intentionally made inaccessible   It s also still possible to get the URL depending on the context  See other answers for more details

User · Answer

In chrome it is possible to use location ancestorOrigins It will return all parent urls

User · Answer

Yes  accessing parent page s URL is not allowed if the iframe and the main page are not in the same  sub domain  However  if you just need the URL of the main page  i e  the browser URL   you can try this   var url    window location    window parent location                document referrer               document location href    Note   window parent location is allowed  it avoids the security error in the OP  which is caused by accessing the href property  window parent location href causes  Blocked a frame with origin      document referrer refers to  the URI of the page that linked to this page   This may not return the containing document if some other source is what determined the iframe location  for example    Container iframe   Domain 1 Sends child iframe to Domain 2 But in the child iframe    Domain 2 redirects to Domain 3  i e  for authentication  maybe SAML   and then Domain 3 directs back to Domain 2  i e  via form submission    a standard SAML technique  For the child iframe the document referrer will be Domain 3  not the containing Domain 1   document location refers to  a Location object  which contains information about the URL of the document   presumably the current document  that is  the iframe currently open  When window location     window parent location  then the iframe s href is the same as the containing parent s href

User · Answer

Get All Parent Iframe functions and HTML  var parent     window frameElement  parent              alert parent  TESTING            var parentElement window frameElement parentElement parentElement parentElement parentElement          var Ifram parentElement children                var GetUframClass Ifram 9  ownerDocument activeElement className          var Decision URLLl parentElement ownerDocument activeElement contentDocument URL

User · Answer

The problem with the PHP   SERVER  HTTP REFFERER   is that it gives the fully qualified page url of the page that brought you to the parent page  That s not the same as the parent page  itself  Worse  sometimes there is no http referer  because the person typed in the url of the parent page  So  if I get to your parent page from yahoo com  then yahoo com becomes the http referer  not your page

User · Answer

there is a cross browser script for get parent origin  private getParentOrigin       const locationAreDisctint    window location     window parent location     const parentOrigin     locationAreDisctint   document referrer   document location      quot  quot   toString       if  parentOrigin        return new URL parentOrigin  origin         const currentLocation   document location     if  currentLocation ancestorOrigins  amp  amp  currentLocation ancestorOrigins length        return currentLocation ancestorOrigins 0          return  quot  quot      This code  should work on Chrome and Firefox

User · Answer

If your iframe is from another domain   cross domain   you will simply need to use this   var currentUrl   document referrer    and - here you ve got the main url

User · Answer

I ve found in the cases where   SERVER  HTTP REFERER   doesn t work  I m looking at you  Safari     SERVER  REDIRECT SCRIPT URI   has been a useful backup

User · Answer

var url    window location    window parent location    document referrer  document location    I found that the above example suggested previously worked when the script was being executed in an iframe however it did not  retrieve the url when the script was executed outside of an iframe   a slight adjustment was required   var url    window location    window parent location    document referrer  document location href

User · Answer

Try it   document referrer   When you change you are in a iframe your host is  referrer

User · Answer

I ve had issues with this   If using a language like php when your page first loads in the iframe grab   SERVER  HTTP REFFERER   and set it to a session variable   This way when the page loads in the iframe you know the full parent url and query string of the page that loaded it   With cross browser security it s a bit of a headache counting on window parent anything if you you different domains

User · Answer

The following line will work  document location ancestorOrigins 0  this one returns the ancestor domain name

[javascript] Access parent URL from iframe

Examples related to javascript

Examples related to iframe

Examples related to cross-domain