Access parent URL from iframe

by

Yes, accessing parent page’s URL is not allowed if the iframe and the main page are not in the same (sub)domain. However, if you just need the URL of the main page (i.e. the browser URL), you can try this:

var url = (window.location != window.parent.location)
            ? document.referrer
            : document.location.href;

Note:

window.parent.location is allowed; it avoids the security error in the OP, which is caused by accessing the href property: window.parent.location.href causes “Blocked a frame with origin…”

document.referrer refers to “the URI of the page that linked to this page.” This may not return the containing document if some other source is what determined the iframe location, for example:

  • Container iframe @ Domain 1
  • Sends child iframe to Domain 2
  • But in the child iframe… Domain 2 redirects to Domain 3 (i.e. for authentication, maybe SAML), and then Domain 3 directs back to Domain 2 (i.e. via form submission(), a standard SAML technique)
  • For the child iframe the document.referrer will be Domain 3, not the containing Domain 1

document.location refers to “a Location object, which contains information about the URL of the document”; presumably the current document, that is, the iframe currently open. When window.location === window.parent.location, then the iframe’s href is the same as the containing parent’s href.

More Related Contents:

  1. cross-domain iframe resize
  2. javascript access parent DOM across domains?
  3. How do I implement Cross Domain URL Access from an Iframe using Javascript?
  4. Unsafe JavaScript attempt to access frame with URL
  5. How can I access the DOM elements within an iFrame
  6. How is it possible for an iframe to access its parents DOM?
  7. How can two instances of a userscript communicate between frames?
  8. how to resolve iframe cross domain issue [duplicate]
  9. Cross sub domain iframes and JavaScript
  10. iframe not reading cookies in Chrome
  11. Cross domain iframe content load detection
  12. Get element from within an iFrame
  13. Calling a parent window function from an iframe
  14. How to communicate between iframe and the parent site?
  15. Getting around X-Frame-Options DENY in a Chrome extension?
  16. Redirect parent window from an iframe action
  17. how to access iFrame parent page using jquery?
  18. CORS error on same domain?
  19. Firefox ‘Cross-Origin Request Blocked’ despite headers [closed]
  20. How can I detect whether an iframe is loaded?
  21. Detect click event inside iframe
  22. Nested iframes, AKA Iframe Inception
  23. Detect mousemove when over an iframe?
  24. ‘load’ event not firing when iframe is loaded in Chrome
  25. Access child iFrame DOM from parent page
  26. How to use HTTP.GET in AngularJS correctly? In specific, for an external API call?
  27. How can I handle errors in loading an iframe?
  28. EasyXDM: download files from 3rd party service
  29. Why won’t this JavaScript (using document.open and document.write) work in Internet Explorer or Opera?
  30. Youtube embed: Unsafe JavaScript attempt to access frame

Leave a Comment