Chrome solution for document.domain
Document domain should be lowercase and the rules are like this:
// Actual domain is "www.foo.com" document.domain = "foo.com"; // this is valid // Actual domain is "bar.foo.com" document.domain = "www.foo.com"; // this is invalid, "bar.foo.com" is not a subdomain of "www.foo.com" // Actual domain is "blah.bar.foo.com" document.domain = "bar.foo.com" // Ok document.domain = "foo.com" // Still ok document.domain = "bar.foo.com" // Invalid, you can't change it back to a more specific domain.
document.domain
should work for iframes as long as you're on the same domain:
iframe=document.querySelector('iframe');console.log(iframe.contentDocument.domain)
If you're trying to access the document of an iframe that's on a different domain than the parent frame, you'll get the security error you're seeing.
Note that subdomains are considered different domains too, so you'll run into cross domain issues: A question about cross-domain (subdomain) ajax request