Closed My6UoT9 closed 4 years ago
How to reproduce it?
Add in the backend a script to the head section which alters the current origin. I believe it is required to have 2 levels of subdomain for this, as I think it's not possible to set it to the TLD `test` only.
So this is inserted in a page residing on admin.domain.test:
<script>document.domain="domain.test";</script>
Then just load the page. I get a duplicated toolbar (after clicking on the toolbar, so it opens), and debugging with devtools reveals that window.frameElement returns null from the debug iframe.
Interesting. Seems I need to update my understanding of iframes. Will get back after reading docs from links provided.
Merged. Thanks!
When document.domain is set for cross-origin reasons, window.frameElement can return null. Comparing window.top to window is safe, as when both objects are the same it is no iframe.
https://developer.mozilla.org/en-US/docs/Web/API/Window/frameElement
https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy#Changing_origin
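An added illustration (not code from this PR) of why the window.top comparison holds where window.frameElement does not; the window objects below are constructed stand-ins so it runs outside a browser, and `isFramedViaTop` / `isFramedViaFrameElement` are hypothetical helper names:

```javascript
// Decide whether the toolbar script is running inside an iframe.
// `win` is any window-like object; in a browser you would pass `window`.

// Fragile check: frameElement is null not only at top level but also when
// the embedding document has a different (effective) origin, e.g. after
// document.domain was changed, so an embedded window looks top-level.
function isFramedViaFrameElement(win) {
  return win.frameElement !== null;
}

// Robust check: a window is top-level exactly when it is its own `top`.
// Reading `top` is permitted cross-origin, and an identity comparison
// needs no further property access on the returned object.
function isFramedViaTop(win) {
  return win.top !== win;
}

// Constructed stand-in for a top-level browsing context.
const topLevel = { frameElement: null };
topLevel.top = topLevel;

// Constructed stand-in for the debug iframe after document.domain was set:
// frameElement reads as null although the window is embedded; `top` still
// refers to the parent browsing context.
const embeddedAfterDomainChange = { top: topLevel, frameElement: null };

// Gate for injecting the toolbar: render only in a top-level window.
function shouldRenderToolbar(win) {
  return !isFramedViaTop(win);
}
```

With the frameElement check the embedded window is misclassified as top-level, which is what produced the duplicated toolbar; the top comparison classifies it correctly.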