Home >Web Front-end >JS Tutorial >Can Iframes Access the Parent Page's URL Across Subdomains?
Accessing Parent URL from an Iframe
Despite residing on the same domain, the inability to retrieve the parent page's URL via an iframe often arises when the subdomains differ. This behavior prompts the question: does cross-site scripting (XSS) extend to subdomains?
Understanding the Restriction
The answer lies in the browser's security measures. Even though the main page and iframe share a domain (e.g., www.mysite.com), the subdomain distinction (e.g., www vs. qa-www) falls under different "origins." This separation prevents malicious actors from accessing and manipulating data across different websites and their subdomains.
Alternative Solution
While direct access to the parent page's URL is restricted due to XSS concerns, an alternative approach can provide the necessary information. To obtain the URL of the parent page (i.e., the browser URL), the following code can be used:
var url = (window.location != window.parent.location) ? document.referrer : document.location.href;
Note:
The above is the detailed content of Can Iframes Access the Parent Page's URL Across Subdomains?. For more information, please follow other related articles on the PHP Chinese website!