Can an iframe specify a whitelist of domains that can access its innerHTML, contentWindow, contentDocument etc?


Can an iframe specify a whitelist of domains that can access its innerHTML, contentWindow, contentDocument, etc.?

What I mean is, for example:

<body>
<iframe src="https://someotherdomain.com" id="frame"></iframe>
<script>
console.log(document.getElementById('frame').contentWindow.someProp);
// this would fail, as it's a cross-domain iframe
</script>
</body>

What if the iframe could specify in its response header, similar to x-frame-allow, a whitelist of domains/patterns that are allowed to access its innerHTML, contentWindow, etc.? Is there any such early-stage proposal/RFC in progress, or has this been discussed before?

There is 1 answer
Srini Karthikeyan On

Try setting the response header Access-Control-Allow-Origin: *.domain.com, which would allow Cross-Origin Resource Sharing (CORS).

Refer: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
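
An added example (not part of the original question or answer) of how a framed page can itself decide which parent origins may read selected values: it checks event.origin against an allowlist and replies over window.postMessage. The ALLOWED_PARENTS entries, the "*." wildcard syntax and the message shape are assumptions for illustration; someProp is the property name from the question.

```javascript
// Runs inside the framed page (the iframe's own document).
// ALLOWED_PARENTS, the "*." syntax and the message shape are assumed for illustration.
const ALLOWED_PARENTS = [
  "https://app.example.com",   // exact origin
  "https://*.partner.example", // any subdomain, https only
];

// Match a serialized origin (scheme://host[:port]) against one allowlist entry.
function originMatches(origin, pattern) {
  let url;
  try { url = new URL(origin); } catch { return false; } // e.g. the opaque origin "null"
  // event.origin is always a bare, normalized origin; reject anything else.
  if (url.origin !== origin) return false;
  const [scheme, hostPattern] = pattern.split("://");
  if (url.protocol !== scheme + ":") return false;
  if (!hostPattern.startsWith("*.")) return url.host === hostPattern;
  // Keep the leading dot in the suffix so "evilpartner.example" and the
  // bare "partner.example" do not match "*.partner.example".
  const suffix = hostPattern.slice(1);
  return url.host.endsWith(suffix) && url.host.length > suffix.length;
}

function isAllowedParent(origin) {
  return ALLOWED_PARENTS.some((p) => originMatches(origin, p));
}

// Decide what, if anything, to reveal for one incoming message event.
// Only fields the frame has placed in `shared` are exposed, never the DOM itself.
function buildReply(event, shared) {
  if (!isAllowedParent(event.origin)) return null;
  const d = event.data;
  if (!d || d.type !== "get") return null;
  if (!Object.prototype.hasOwnProperty.call(shared, d.key)) return null;
  return { type: "value", key: d.key, value: shared[d.key] };
}

// Browser-only wiring; skipped when the file is loaded outside a page.
if (typeof window !== "undefined") {
  const shared = { someProp: "value the frame chooses to share" };
  window.addEventListener("message", (event) => {
    const reply = buildReply(event, shared);
    // Reply to the verified origin explicitly, never to "*".
    if (reply && event.source) event.source.postMessage(reply, event.origin);
  });
}
```

The embedding page would send `{ type: "get", key: "someProp" }` with `frame.contentWindow.postMessage(..., "https://someotherdomain.com")` and check `event.origin` on the reply in the same way.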