javascript - 尝试重新加载框架时不安全的 JavaScript 尝试

Question

这很烦人。我试图做到这一点，以便当我按下 F5 时，框架会重新加载。我已经知道了，所以如果焦点在主页(而不是 iframe)上，它就可以工作。但是，当我尝试实现类似的解决方案或什至尝试与 iframe 通信时，我收到“不安全的 JavaScript 尝试访问框架”。更具体地说，确切的错误是:

Unsafe JavaScript attempt to access frame with URL http://www.spow.tk/projects/test from frame with URL http://spow.tk/projects/Explorer/02/. Domains, protocols and ports must match.

请帮忙，因为这真的很痛苦。 谢谢

Answer 1

这两个站点位于不同的域中。由于 Javascript 中的安全限制，您不能跨域编写脚本。查看Wikipedia或 Mozilla了解更多信息(引用 Mozilla 以防止链接失效):

The same origin policy prevents a document or script loaded from one origin from getting or setting properties of a document from another origin. This policy dates all the way back to Netscape Navigator 2.0.

Mozilla considers two pages to have the same origin if the protocol, port (if one is specified), and host are the same for both pages. The following table gives examples of origin comparisons to the URL http://store.company.com/dir/page.html:

URL                                                 Outcome   Reason
http://store.company.com/dir2/other.html            Success  
http://store.company.com/dir/inner/another.html Success  
https://store.company.com/secure.html           Failure   Different protocol
http://store.company.com:81/dir/etc.html            Failure   Different port
http://news.company.com/dir/other.html          Failure   Different host

There is one exception to the same origin rule. A script can set the value of document.domain to a suffix of the current domain. If it does so, the shorter domain is used for subsequent origin checks. For example, assume a script in the document at http://store.company.com/dir/other.html executes the following statement:

document.domain = "company.com"; After that statement executes, the page would pass the origin check with http://company.com/dir/page.html. However, by the same reasoning, company.com could not set document.domain to othercompany.com.

Port number is kept by the browser separately. Any call to the setter, including document.domain = document.domain causes the port number to be overwritten with null. Therefore one can not make company.com:8080 talk to company.com by only setting document.domain = "company.com" in the first. It has to be set in both so that port numbers are both null.