问题
I have a page at an internal server, server1.mydomain.com/page.jsp and another page at a different internal server, 10.x.x.x:8081/page.aspx.
On server1.mydomain.com, I set document.domain in page.jsp like this:
//page.jsp on server1.mydomain.com
document.domain = document.domain;
When I issue an alert on document.domain, it comes up as server1.mydomain.com.
On the 10.x.x.x server, I set document.domain in page.aspx, as a result, like this:
//page.aspx on 10.x.x.x
document.domain = "server1.mydomain.com";
// test if same-origin policy violation occurs
document.getElementById("div_el").innerHTML = window.top.location.href;
In Safari 5.1.5, an error pops up on the console:
SECURITY_ERR: DOM Exception 18: An attempt was made to break through the security policy of the user agent."
From what I understand, when you set document.domain, the port number is set to null; so, you have to set it on both ends, which I did. Then, this error occurs and I'm scratching my head why. Does this have anything to do with the fact I'm using 10.x.x.x and not an actual domain name?
Thank you.
回答1:
You can only use document.domain to change from a more specific sub domain to a less specific domain. Like...
console.log(document.domain); // server1.mydomain.com
document.domain = 'mydomain.com'
console.log(document.domain); // mydomain.com
It can't be used to set to a more specific sub domain or to an entirely different domain.
回答2:
You can only set document.domain to its current value or to a super-domain of the current setting. Thus, a page at "foo.something.com" can set it to "something.com", but not "something.else.com".
来源:https://stackoverflow.com/questions/10034431/security-err-dom-exception-18-when-applying-document-domain-on-both-sites-how