Unable to load iframe in sandbox environment
Asked Answered
H

2

14

I am trying to load iframe with sandbox enabled in my webpage but it is showing error:

An error occured while loading the pad Uncaught SecurityError: Failed to set the 'domain' property on 'Document': Assignment is forbidden for sandboxed iframes.

The code for embedding iframe is:

<iframe 
    id="iframe1" 
    name="iframe1" 
    src="http://localhost:9002/p/6dN6dkWRmd" 
    height="700px" width="500px" 
    sandbox="allow-scripts allow-top-navigation">
</iframe>

In the iframe javascript i found that this code is throwing error:

if ((!browser.msie) && (!(browser.mozilla && browser.version.indexOf("1.8.") == 0))) { document.domain = document.domain; // for comet }

Can someone please explain what this document.domain is doing and what should I do to run this iframe in sandbox environment?

Note: Without sandbox it is working fine.

Helenehelenka answered 20/12, 2015 at 7:58 Comment(1)
#1481751Stlouis
V
0

I expect the problem is that you iframe is on localhost, try using another domain, even if it is just pointing back to your local machine.

Vanzant answered 29/5, 2021 at 13:45 Comment(0)
D
0

From "Document.domain - Web APIs | MDN"

Note that setting document.domain to its current value is not a no-op. It still changes the origin. For example, if one page sets
          document.domain = document.domain;
then it will be counted as cross-origin from any other normally-same-origin pages that have not done the same thing.

This should let the iframe page be treated as cross domain even if they are on the same domain.

Check CORS (cross origin) and CSRF (cross site request forgery).

Darrow answered 15/7, 2021 at 19:26 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.