SECURITY_ERR: DOM Exception 18 when applying document.domain on both sites. How do I resolve this?

Asked 5/4, 2012 at 19:1 Answered 5/4, 2012 at 19:9

Solved javascript cross-domain user-agent same-origin-policy domexception

I have a page at an internal server, server1.mydomain.com/page.jsp and another page at a different internal server, 10.x.x.x:8081/page.aspx.

On server1.mydomain.com, I set document.domain in page.jsp like this:

//page.jsp on server1.mydomain.com
document.domain = document.domain;

When I issue an alert on document.domain, it comes up as server1.mydomain.com.

On the 10.x.x.x server, I set document.domain in page.aspx, as a result, like this:

//page.aspx on 10.x.x.x
document.domain = "server1.mydomain.com";
// test if same-origin policy violation occurs
document.getElementById("div_el").innerHTML = window.top.location.href;

In Safari 5.1.5, an error pops up on the console:

SECURITY_ERR: DOM Exception 18: An attempt was made to break through the security policy of the user agent."

From what I understand, when you set document.domain, the port number is set to null; so, you have to set it on both ends, which I did. Then, this error occurs and I'm scratching my head why. Does this have anything to do with the fact I'm using 10.x.x.x and not an actual domain name?

Thank you.

Cesya answered 5/4, 2012 at 19:1 Comment(0)

You can only use document.domain to change from a more specific sub domain to a less specific domain. Like...

console.log(document.domain); // server1.mydomain.com

document.domain = 'mydomain.com'

console.log(document.domain); // mydomain.com

It can't be used to set to a more specific sub domain or to an entirely different domain.

Resident answered 5/4, 2012 at 19:1 Comment(3)

So, if I change both to mydomain.com, provided both servers are on mydomain.com, it would work? Say I have server1.subdomain.mydomain.com and server2.subdomain.mydomain.com. If I set both to mydomain.com, would it work? – Cesya 5/4, 2012 at 19:32

@user717236: If the client's page is hosted from mydomain.com, you won't be able to make AJAX requests to server1.subdomain.mydomain.com or server2..., and using document.domain won't help. But if the opposite is true, and the client's page is hosted for example from server1.subdomain.mydomain.com, you can use document.domain so that you'll be able to make requests to mydomain.com. – Resident 5/4, 2012 at 19:37

Oh, I see. So, in my case, I don't think it will work, because the pages are effectively hosted at hostname.subdomain.mydomain.com. If one was serverX.mydomain.com and the other was serverY.subdomain.mydomain.com, then I could do something with it. Back to the drawing board. Thank you for your help. – Cesya 5/4, 2012 at 19:40

You can only set document.domain to its current value or to a super-domain of the current setting. Thus, a page at "foo.something.com" can set it to "something.com", but not "something.else.com".

Hexose answered 5/4, 2012 at 19:9 Comment(1)

Thank you for your help. Yes, I think I understand it a bit better, now. These two hosts cannot communicate with each other with document.domain, as it is set up. I'll have to think of something else. Thanks again. – Cesya 5/4, 2012 at 19:42

Recommended topics

Hot tags