Same-origin policy workaround using document.domain in Javascript
document.domain
allows the communication between frames/iframes. Not XHR.
<body><iframe src="http://bar.example.com/"></iframe><script> document.domain = 'example.com'; var ifr = document.getElementsByTagName('IFRAME')[0]; ifr.onload = function(e){ //will log the string "BODY" in the console console.log(ifr.contentWindow.document.body.tagName); };</script></body>
If you remove the line with document.domain
, reading the content of the contentWindow will throw the Same Origin Policy error.