While I was testing the SOP, i came to this scenario two documents has a relationship with the same domain as i would expected and it throws an error when i try to get the location.
To reproduce the problem:
- Open https://www.google.com
- from the console
let opened = window.open("https://www.google.com") - from the same window do
opened.location.toString()which will return the correct location - from the second tab's console do
document.domain = "www.google.com" -
from the first tab do
opened.location.toString()and you will get an errorUncaught DOMException: Blocked a frame with origin "https://www.google.com" from accessing a cross-origin frame. at <anonymous>:1:12
Can anyone explain this strange behavior?
from JavaScript document.domain Uncaught DOMException: Blocked a frame with origin
No comments:
Post a Comment