#StackBounty: #javascript #dom #same-origin-policy JavaScript document.domain Uncaught DOMException: Blocked a frame with origin

Bounty: 50

While I was testing the SOP, I came to this scenario: two documents have a relationship with the same domain, as I expected, and it throws an error when I try to get the location.

To reproduce the problem:

  1. Open https://www.google.com
  2. From the console, `let opened = window.open("https://www.google.com")`
  3. From the same window, do `opened.location.toString()`, which will return the correct location
  4. From the second tab's console, do `document.domain = "www.google.com"`
  5. From the first tab, do `x.location.toString()` and you will get an error
    Uncaught DOMException: Blocked a frame with origin "https://www.google.com" from accessing a cross-origin frame.
    at <anonymous>:1:12
    

Can anyone explain this strange behavior?
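
The steps above can be modelled with the HTML Standard's "same origin-domain" check, the comparison applied to cross-window DOM access, in which assigning `document.domain` (even to the current host) makes the origin's domain component non-null. This is an added example, not part of the original question: the function names are hypothetical, the setter is simplified (no public-suffix check), and the last case, where both windows set the value, goes beyond the steps in the post.

```javascript
// Model of the HTML Standard origin tuple (scheme, host, port, domain).
// All names here are hypothetical and exist only for this illustration.
function makeOrigin(url) {
  const u = new URL(url);
  const defaultPort = { "https:": "443", "http:": "80" }[u.protocol] ?? "";
  return {
    scheme: u.protocol.slice(0, -1),
    host: u.hostname,
    port: u.port || defaultPort,
    domain: null, // stays null until document.domain is assigned
  };
}

// Simplified setter: accepts the current host or a parent suffix of it.
// Real browsers also reject public suffixes and sandboxed documents.
function setDocumentDomain(origin, value) {
  const ok = origin.host === value || origin.host.endsWith("." + value);
  if (!ok) throw new Error("SecurityError");
  return { ...origin, domain: value };
}

// Plain same-origin: scheme, host and port match; domain is ignored.
function sameOrigin(a, b) {
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Same origin-domain: either both sides opted in with the same domain,
// or neither side touched document.domain and they are same origin.
function sameOriginDomain(a, b) {
  if (a.scheme === b.scheme && a.domain !== null && a.domain === b.domain) return true;
  return sameOrigin(a, b) && a.domain === null && b.domain === null;
}

function reproduce() {
  const results = {};
  let opener = makeOrigin("https://www.google.com");   // first tab
  let opened = makeOrigin("https://www.google.com");   // window.open() result
  results.step3 = sameOriginDomain(opener, opened);     // access allowed
  opened = setDocumentDomain(opened, "www.google.com"); // step 4, second tab only
  results.step5 = sameOriginDomain(opener, opened);     // access blocked
  results.stillSameOrigin = sameOrigin(opener, opened); // tuple otherwise unchanged
  opener = setDocumentDomain(opener, "www.google.com"); // first tab opts in too
  results.bothSet = sameOriginDomain(opener, opened);   // access allowed again
  return results;
}

console.log(reproduce());
```
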

