Login/Register
Does setting document.domain work in all (most) browsers?
Asked Answered
Solved javascriptbrowsercross-browser
E

3

17

The Same Origin Policy Documentation says this:

There is one exception to the same origin rule. A script can set the value of document.domain to a suffix of the current domain. If it does so, the shorter domain is used for subsequent origin checks. For example, assume a script in the document at http://store.company.com/dir/other.html executes the following statement:

document.domain = "company.com";

After that statement executes, the page would pass the origin check with http://company.com/dir/page.html. However, by the same reasoning, company.com could not set document.domain to othercompany.com.

Do all popular browsers support this? If not, which ones don't?

Eadwine answered 13/4, 2009 at 23:50 Comment(0)
G
19

Firefox 2,3, IE6,7,8, Chrome, and Safari 2 and 3, Opera 9 all support document.domain;

Other "newer" browsers likely will as well, however those are the ones that I've actually tested my code (which makes use of document.domain)

Ga answered 13/4, 2009 at 23:59 Comment(3)
@Alan: Thanks for the info. If you can share, what was your reason for doing so? I'm interested in making it easier to make AJAX-type requests to different machines, but I'm curious if there are other uses.Eadwine
keep in mind setting document.domain="string of the original page page was on" and document.domain=document.domain cause caos in IE6-7Ahmedahmedabad
Careful: This answer is outdated. See my answer down below for details.Generate
S
10

Document domain should be lowercase and the rules are like this 

// Actual domain is "www.foo.com" 
document.domain = "foo.com"; // this is valid 

// Actual domain is "bar.foo.com" 
document.domain = "www.foo.com"; // this is invalid, "bar.foo.com" is not a subdomain of "www.foo.com" 

// Actual domain is "blah.bar.foo.com" 
document.domain = "bar.foo.com" // Ok 
document.domain = "foo.com" // Still ok 
document.domain = "bar.foo.com" // Invalid, you can't change it back to a more specific domain.
Socialminded answered 20/3, 2012 at 11:21 Comment(1)
so should i add document.domain="sample.com" in both the server and application which is hosted in different domain?Fealty
G
1

Chromium Engine has deprecated the document.domain feature for security reasons as of version 115. Therefore at least Edge and Chrome will no longer support this feature fully.

The setter for document.domain was disabled and might be fully removed in the future.

See more details here: https://developer.chrome.com/blog/document-domain-setter-deprecation/

Generate answered 9/11, 2023 at 15:58 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.