I need to print a PDF... But I get an error
Is there a workaround? I just need to print a PDF file with one click
error:
Uncaught SecurityError: Blocked a frame with origin "https://secure.domain.com" from accessing a frame with origin "https://cdn.domain.com". Protocols, domains, and ports must match.
code:
var iframe = $('<iframe src="'+url+'" style="display:none"></iframe>').appendTo($('#main')).load(function(){
iframe.get(0).contentWindow.print();
});
The error you are dealing with is related to cross-domain protection and the same-origin policy.
In your case, you can print an cross-domain iframe if you nest this iframe in another local iframe that we can call a proxy iframe.
Since the proxy iframe is local and have the same origin, you can print it without any issue and it'll also print the cross-domain iframe.
See below for an example:
index.html (container)
$(function() {
var url = 'proxy.html'; // We're not loading the PDF but a proxy which will load the PDF in another iframe.
var iframe = $('<iframe src="' + url + '"></iframe>').appendTo($('#main'));
iframe.on('load', function(){
iframe.get(0).contentWindow.print();
});
});
proxy.html (proxy)
<body>
<iframe src="http://ANOTHER_DOMAIN/PDF_NAME.pdf"></iframe>
</body>
With this solution, you no longer have cross-domain issues and you can use the print() function. The only things you need to deal with are a way to pass the PDF url from the container to the proxy and a way to detect when the iframe with the PDF is actually loaded but these depends on the solution / languages you're using.
I needed to print a PDF embedded through a data:application/pdf;base64,… iframe, and I ran into the same cross-origin issue.
The solution was to convert the Base64 contents that I had into a blob, and then use put blob's object URL into the iframe src. After doing that I was able to print that iframe.
I know link-only answers are discouraged, but copying someone else's answers into my own didn't feel right either.
There is a workaround for this.
Create an endpoint in your server to return the HTML content of the external url. (because you can't get external content from the browser - same-origin policy)
Use $.get to fetch the external content from your URL and append it to an iframe.
Something similar to this:
HTML:
<div id="main">
<iframe id="my-iframe" style="display:none"></iframe>
</div>
JS:
$.get('https://secure.domain.com/get-cdndomaincom-url-content', function(response) {
var iframe = $('#my-iframe')[0],
iframedoc = iframe.contentDocument || iframe.contentWindow.document;
iframedoc.body.innerHTML = response;
iframe.contentWindow.print();
});
C# implementation for get-cdndomaincom-url-content:
Easiest way to read from a URL into a string in .NET
You do not need proxy server for workaround. You can create proxy iframe and then dynamically create another iframe inside the proxy iframe. Then attach onload="print()" to it.
Something like this
/**
* Load iframe from cross-origin via proxy iframe
* and then invokes the print dialog.
* It is not possible to call window.print() on the target iframe directly
* because of cross-origin policy.
*
* Downside is that the iframe stays loaded.
*/
function printIframe(url) {
var proxyIframe = document.createElement('iframe');
var body = document.getElementsByTagName('body')[0];
body.appendChild(proxyIframe);
proxyIframe.style.width = '100%';
proxyIframe.style.height = '100%';
proxyIframe.style.display = 'none';
var contentWindow = proxyIframe.contentWindow;
contentWindow.document.open();
// Set dimensions according to your needs.
// You may need to calculate the dynamically after the content has loaded
contentWindow.document.write('<iframe src="' + url + '" onload="print();" width="1000" height="1800" frameborder="0" marginheight="0" marginwidth="0">');
contentWindow.document.close();
}
--Issue--
HiDeo is right this is a cross-domain issue. It is a part of CORS which is a great thing for the security of the web but also a pain.
--Philosophy--
There are ways to work around CORS but I believe in finding a solution that works for most to all cases and keep using it. This creates easier code to reason about and keeps code consistent rather then changing and creating code for edge cases. This can create a harder initial solution but as you can reuse the method regardless of use case you end up saving time.
--Answer--
The way our team handles cross domain request issues is bypassing it completely. CORS is something for browsers only. So the best way to solve all cases of this issue is don't give the reasonability to the browser. We have the server fetch the document and giving it to the browser on the same domain.
(I'm an Angular guy)
The client would say something like
$http.get('/pdf/x').then(function(){
//do whatever you want with any cross-domain doument
});
The Server would have something like what you see here HTTP GET Request in Node.js Express
It is a CORS issue . There is a library that acts as a CORS alternative , you can find it here Xdomain CORS alternative Github . It kind of by-passes CORS request seamlessly to render cross domain resources effectively.
It has a Javascript, AngularJS, as well as a JQuery wrapper too . I think this will provide you a more elegant solution, and is simple to integrate. Give it a try .
Related
Okay, I have a page on and on this page I have an iframe. What I need to do is on the iframe page, find out what the URL of the main page is.
I have searched around and I know that this is not possible if my iframe page is on a different domain, as that is cross-site scripting. But everywhere I've read says that if the iframe page is on the same domain as the parent page, it should work if I do for instance:
parent.document.location
parent.window.document.location
parent.window.location
parent.document.location.href
... or other similar combos, as there seems to be multiple ways to get the same info.
Anyways, so here's the problem. My iframe is on the same domain as the main page, but it is not on the same SUB domain. So for instance I have
http:// www.mysite.com/pageA.html
and then my iframe URL is
http:// qa-www.mysite.com/pageB.html
When I try to grab the URL from pageB.html (the iframe page), I keep getting the same access denied error. So it appears that even sub-domains count as cross-site scripting, is that correct, or am I doing something wrong?
Yes, accessing parent page's URL is not allowed if the iframe and the main page are not in the same (sub)domain. However, if you just need the URL of the main page (i.e. the browser URL), you can try this:
var url = (window.location != window.parent.location)
? document.referrer
: document.location.href;
Note:
window.parent.location is allowed; it avoids the security error in the OP, which is caused by accessing the href property: window.parent.location.href causes "Blocked a frame with origin..."
document.referrer refers to "the URI of the page that linked to this page." This may not return the containing document if some other source is what determined the iframe location, for example:
Container iframe # Domain 1
Sends child iframe to Domain 2
But in the child iframe... Domain 2 redirects to Domain 3 (i.e. for authentication, maybe SAML), and then Domain 3 directs back to Domain 2 (i.e. via form submission(), a standard SAML technique)
For the child iframe the document.referrer will be Domain 3, not the containing Domain 1
document.location refers to "a Location object, which contains information about the URL of the document"; presumably the current document, that is, the iframe currently open. When window.location === window.parent.location, then the iframe's href is the same as the containing parent's href.
I just discovered a workaround for this problem that is so simple, and yet I haven't found any discussions anywhere that mention it. It does require control of the parent frame.
In your iFrame, say you want this iframe: src="http://www.example.com/mypage.php"
Well, instead of HTML to specify the iframe, use a javascript to build the HTML for your iframe, get the parent url through javascript "at build time", and send it as a url GET parameter in the querystring of your src target, like so:
<script type="text/javascript">
url = parent.document.URL;
document.write('<iframe src="http://example.com/mydata/page.php?url=' + url + '"></iframe>');
</script>
Then, find yourself a javascript url parsing function that parses the url string to get the url variable you are after, in this case it's "url".
I found a great url string parser here:
http://www.netlobo.com/url_query_string_javascript.html
If your iframe is from another domain, (cross domain), you will simply need to use this:
var currentUrl = document.referrer;
and - here you've got the main url!
The following line will work: document.location.ancestorOrigins[0] this one returns the ancestor domain name.
You're correct. Subdomains are still considered separate domains when using iframes. It's possible to pass messages using postMessage(...), but other JS APIs are intentionally made inaccessible.
It's also still possible to get the URL depending on the context. See other answers for more details.
For pages on the same domain and different subdomain, you can set the document.domain property via javascript.
Both the parent frame and the iframe need to set their document.domain to something that is common betweeen them.
i.e.
www.foo.mydomain.com and api.foo.mydomain.com could each use either foo.mydomain.com or just mydomain.com and be compatible (no, you can't set them both to com, for security reasons...)
also, note that document.domain is a one way street. Consider running the following three statements in order:
// assume we're starting at www.foo.mydomain.com
document.domain = "foo.mydomain.com" // works
document.domain = "mydomain.com" // works
document.domain = "foo.mydomain.com" // throws a security exception
Modern browsers can also use window.postMessage to talk across origins, but it won't work in IE6.
https://developer.mozilla.org/en/DOM/window.postMessage
Try it:
document.referrer
When you change you are in a iframe your host is "referrer".
There's a lot a answers to this question, and none of them are definitely the best in terms of support or reliability.
Options
window.location.ancestorOrigins[0] will get the parent url, but this api only works in chromium browsers (see support). this also supports nested iframes, where the bottom most child has access to the urls of each parent iframe.
document.referrer is the most common answer but is not always reliable
navigation inside of the iframe would show the last page instead of the parent frame url
redirects only show the most recent referrer to the current page
if the page reloads itself the referer becomes the page itself
http child with an https parent has an empty string for referrer
Things that don't work
window.parent.location.href. If the parent and the child are in different domains, this api is blocked by modern browsers (see here), and will throw an error.
Recommendation
If supported, I prefer window.location.ancestorOrigins[0]. document.referrer can work, but is less reliable, making it my fallback option. If you do use document referrer, try to call it on the first framed page load, before navigation or redirects, to get the parent address.
there is a cross browser script for get parent origin:
private getParentOrigin() {
const locationAreDisctint = (window.location !== window.parent.location);
const parentOrigin = ((locationAreDisctint ? document.referrer : document.location) || "").toString();
if (parentOrigin) {
return new URL(parentOrigin).origin;
}
const currentLocation = document.location;
if (currentLocation.ancestorOrigins && currentLocation.ancestorOrigins.length) {
return currentLocation.ancestorOrigins[0];
}
return "";
}
This code, should work on Chrome and Firefox.
var url = (window.location != window.parent.location) ? document.referrer: document.location;
I found that the above example suggested previously worked when the script was being executed in an iframe however it did not
retrieve the url when the script was executed outside of an iframe,
a slight adjustment was required:
var url = (window.location != window.parent.location) ? document.referrer: document.location.href;
I've had issues with this. If using a language like php when your page first loads in the iframe grab $_SERVER['HTTP_REFFERER'] and set it to a session variable.
This way when the page loads in the iframe you know the full parent url and query string of the page that loaded it. With cross browser security it's a bit of a headache counting on window.parent anything if you you different domains.
I've found in the cases where $_SERVER['HTTP_REFERER'] doesn't work (I'm looking at you, Safari), $_SERVER['REDIRECT_SCRIPT_URI'] has been a useful backup.
Assuming you get to tell the parent page how to set up the iframe, to easily but insecurily get the full URL with a path and URL parameters, include referrerpolicy="unsafe-url" when specifying the iframe:
<iframe src="https://example.com/innersite" referrerpolicy="unsafe-url" title="My Title"></iframe>
Then you can get the full original URL with:
document.referrer
Many of the other answers only work when the iframe src is the same as the parent's domain.
Fallbacks:
In case there are security issues, you could do a fallback like https://stackoverflow.com/a/5697801/1226799 says where the parent explicitly sends its URL in a URL parameter for the iframe URL, but an attacker could easily fake that.
I believe you could also use message passing and check the origin of the event: https://stackoverflow.com/a/61548595/1226799
I couldnt get previous solution to work but I found out that if I set the iframe scr with for example http:otherdomain.com/page.htm?from=thisdomain.com/thisfolder then I could, in the iframe extract thisdomain.com/thisfolder by using following javascript:
var myString = document.location.toString();
var mySplitResult = myString.split("=");
fromString = mySplitResult[1];
The problem with the PHP $_SERVER['HTTP_REFFERER'] is that it gives the fully qualified page url of the page that brought you to the parent page. That's not the same as the parent page, itself. Worse, sometimes there is no http_referer, because the person typed in the url of the parent page. So, if I get to your parent page from yahoo.com, then yahoo.com becomes the http_referer, not your page.
In chrome it is possible to use location.ancestorOrigins
It will return all parent urls
This worked for me to access the iframe src url.
window.document.URL
I know his is super old but it blows my mind no one recommended just passing cookies from one domain to the other. As you are using subdomains you can share cookies from a base domain to all subdomains just by setting cookies to the url .basedomain.com
Then you can share whatever data you need through the cookies.
Get All Parent Iframe functions and HTML
var parent = $(window.frameElement).parent();
//alert(parent+"TESTING");
var parentElement=window.frameElement.parentElement.parentElement.parentElement.parentElement;
var Ifram=parentElement.children;
var GetUframClass=Ifram[9].ownerDocument.activeElement.className;
var Decision_URLLl=parentElement.ownerDocument.activeElement.contentDocument.URL;
I have the following page
<!DOCTYPE html>
<html>
<script type="text/javascript">
function loopLink(i)
{
window.open($('#iframe_a').contents().find('.image-navigator-mid a').attr('href'),'iframe_a');
setTimeout(function()
{
if (i < 3) loopLink(i+1);
}, 5000);
}
// Wait for the page to load first
window.onload = function() {
var a = document.getElementById("mylink");
a.onclick = function() {
loopLink(0);
return false;
}
}
</script>
<iframe src="http://nanofate.us/content/fate-new-hair-style#node-inner" width="500" height="500" name="iframe_a" id="iframe_a"></iframe>
<br />
<a id="mylink" href="">Execute</a>
the idea is that in it's current form, when you click Execute, the javascript will cause the iframe to use the "previous" link 4 times, waiting 5 second each time, however when i click the link it just reloads the page and even after waiting 10 seconds the iframe is doing nothing
i am wondering what i have done wrong
Due to Same Origin Policy restrictions, you can not access contents of iframe if it is running a page from another domain. There are solutions to same domain policy like
Opening a page via a proxy
Check out Tomodo. It is just to give you a hint how they used proxy to bypass same origin policy constraint and access iframe content. So the implementation idea goes like this
Create a proxy and host it at a.com/proxy
Host your main page at a.com/index.html
Now, request your proxy to give you content of iframe_url something like this a.com/proxy?url=iframe_url.com
Please note this is not a trivial task and you may have to handle a lot of cases at your proxy like handling relative URLs, cookie reading by iframe_url etc etc.
So go for it only if you need it desperately.
Another solution might be this:
If you want to download some images for a particular domain, just ask your server side code to it for you. Your backend code will fetch the html of page and use some HTML parser like
BeautifulSoup for python (Documentation Link)
Jsoup for Java (Documentation Link)
to parse img tags and extract the source and fetch the images and download them.
PS: Just for some good information, please read Ways to circumvent same origin policy
I think what you are doing is subject to the same origin policy. This should be the reason why you are getting permission denied type errors.
I wrote a content script that injects an iframe to any website (therefore different domain).
I need the parent website to send some information to the child iframe, however I couldn't find a way to do it.
The code
var targetFrame = $('#myIframe')[0];
targetFrame.contentWindow.postMessage('the message', '*');
Doesn't work somehow and i get a Cannot call method 'postMessage' of undefined error.
But then when I tried the same code directly in Chrome's console, it worked.
I had no trouble sending a postMessage from the child to the parent though but just need a way for the parent to send messages to the child iframe.
I recently wrote code that did postMessage to an iframe and I encountered quite a similar issue where it said contentWindow is undefined.
In my case, my iframe was not yet part of the DOM tree, it was a variable created by document.createElement('iframe').
Once I put it hidden (width and height 0px, visibility hidden) into the body of the page, contentWindow was no longer undefined and everything worked as expected.
I found the Mozilla Developer Network page for postMessage extremely useful when I was working on my project.
I've had success using the following library:
http://easyxdm.net/wp/
It doesn't require any flash/silverlight, only javascript. And it is compatible as far back as as IE6.
It took a little doing to get it up and running, but once it was things ran very smoothly.
Keep in mind that if the iFrame you're opening on the other domain uses a different protocol (HTTP vs. HTTPS) the browser will kick out a warning which prevents your script from running (unless the user says they will accept the risk). If you have access to both protocols it may be wise to host the contents of the iFrame on both HTTP and HTTPS and load the appropriate script accordingly.
Good luck!
You don't need to target contentWindow. Try this:
var targetFrame = $('#myIframe')[0];
targetFrame.postMessage('the message', '*');
I have an iframe-based online help system that has worked well for years. With IE8 it chokes on some of the javascripting that calls location.toString(). This same code works fine in IE6.
Specifically, the code is:
var iss = parent.left.location.toString();
var isInd = iss.indexOf("indexframe");
I get a "permission denied" error. I believe the problem is related to cross-domain communications, which I'm not sure I fully understand. The whole package runs locally using local HTML and javascript files. I'm not trying to have a frame in one domain control a frame in another domain. Or maybe I'm way off base in assuming this is the problem.
Could someone help me to understand what I need to do to work around this issue?
If the iFrame and the parent Document are in the same domain then you should not get that error. It suggests to me that the documents are in different domains.
If the Iframe is in www.mydomain.com and the document is in help.mydomain.com YOU WILL GET AN ERROR! The pages must think they are in the exact same domain.
In both documents you could add javascript the set the domain:
document.domain = "mydomain.com";
Javascript will allow you to drop into the host domain on both pages. This allows you to communicate accross the frames. Of course if the pages are in different HOST domains then this won't work and javascript will throw the error.
Typically when accessing the content of another iframe, i use something like this:
var f = document.getElementById('IdOfIFrame'),
d = f.contentDocument||f.contentWindow;
alert(d.location);
If you are indeed accessing 2 domains from your site, and you own both of them, you can create an xml file that specifies which domains should be allowed to share. See the spec document. This opt-in cross-site access is supported by more than just Adobe (MS Silverlight for one). Here is Silverlight's support spec.
Okay, I have a page on and on this page I have an iframe. What I need to do is on the iframe page, find out what the URL of the main page is.
I have searched around and I know that this is not possible if my iframe page is on a different domain, as that is cross-site scripting. But everywhere I've read says that if the iframe page is on the same domain as the parent page, it should work if I do for instance:
parent.document.location
parent.window.document.location
parent.window.location
parent.document.location.href
... or other similar combos, as there seems to be multiple ways to get the same info.
Anyways, so here's the problem. My iframe is on the same domain as the main page, but it is not on the same SUB domain. So for instance I have
http:// www.mysite.com/pageA.html
and then my iframe URL is
http:// qa-www.mysite.com/pageB.html
When I try to grab the URL from pageB.html (the iframe page), I keep getting the same access denied error. So it appears that even sub-domains count as cross-site scripting, is that correct, or am I doing something wrong?
Yes, accessing parent page's URL is not allowed if the iframe and the main page are not in the same (sub)domain. However, if you just need the URL of the main page (i.e. the browser URL), you can try this:
var url = (window.location != window.parent.location)
? document.referrer
: document.location.href;
Note:
window.parent.location is allowed; it avoids the security error in the OP, which is caused by accessing the href property: window.parent.location.href causes "Blocked a frame with origin..."
document.referrer refers to "the URI of the page that linked to this page." This may not return the containing document if some other source is what determined the iframe location, for example:
Container iframe # Domain 1
Sends child iframe to Domain 2
But in the child iframe... Domain 2 redirects to Domain 3 (i.e. for authentication, maybe SAML), and then Domain 3 directs back to Domain 2 (i.e. via form submission(), a standard SAML technique)
For the child iframe the document.referrer will be Domain 3, not the containing Domain 1
document.location refers to "a Location object, which contains information about the URL of the document"; presumably the current document, that is, the iframe currently open. When window.location === window.parent.location, then the iframe's href is the same as the containing parent's href.
I just discovered a workaround for this problem that is so simple, and yet I haven't found any discussions anywhere that mention it. It does require control of the parent frame.
In your iFrame, say you want this iframe: src="http://www.example.com/mypage.php"
Well, instead of HTML to specify the iframe, use a javascript to build the HTML for your iframe, get the parent url through javascript "at build time", and send it as a url GET parameter in the querystring of your src target, like so:
<script type="text/javascript">
url = parent.document.URL;
document.write('<iframe src="http://example.com/mydata/page.php?url=' + url + '"></iframe>');
</script>
Then, find yourself a javascript url parsing function that parses the url string to get the url variable you are after, in this case it's "url".
I found a great url string parser here:
http://www.netlobo.com/url_query_string_javascript.html
If your iframe is from another domain, (cross domain), you will simply need to use this:
var currentUrl = document.referrer;
and - here you've got the main url!
The following line will work: document.location.ancestorOrigins[0] this one returns the ancestor domain name.
You're correct. Subdomains are still considered separate domains when using iframes. It's possible to pass messages using postMessage(...), but other JS APIs are intentionally made inaccessible.
It's also still possible to get the URL depending on the context. See other answers for more details.
For pages on the same domain and different subdomain, you can set the document.domain property via javascript.
Both the parent frame and the iframe need to set their document.domain to something that is common betweeen them.
i.e.
www.foo.mydomain.com and api.foo.mydomain.com could each use either foo.mydomain.com or just mydomain.com and be compatible (no, you can't set them both to com, for security reasons...)
also, note that document.domain is a one way street. Consider running the following three statements in order:
// assume we're starting at www.foo.mydomain.com
document.domain = "foo.mydomain.com" // works
document.domain = "mydomain.com" // works
document.domain = "foo.mydomain.com" // throws a security exception
Modern browsers can also use window.postMessage to talk across origins, but it won't work in IE6.
https://developer.mozilla.org/en/DOM/window.postMessage
Try it:
document.referrer
When you change you are in a iframe your host is "referrer".
There's a lot a answers to this question, and none of them are definitely the best in terms of support or reliability.
Options
window.location.ancestorOrigins[0] will get the parent url, but this api only works in chromium browsers (see support). this also supports nested iframes, where the bottom most child has access to the urls of each parent iframe.
document.referrer is the most common answer but is not always reliable
navigation inside of the iframe would show the last page instead of the parent frame url
redirects only show the most recent referrer to the current page
if the page reloads itself the referer becomes the page itself
http child with an https parent has an empty string for referrer
Things that don't work
window.parent.location.href. If the parent and the child are in different domains, this api is blocked by modern browsers (see here), and will throw an error.
Recommendation
If supported, I prefer window.location.ancestorOrigins[0]. document.referrer can work, but is less reliable, making it my fallback option. If you do use document referrer, try to call it on the first framed page load, before navigation or redirects, to get the parent address.
there is a cross browser script for get parent origin:
private getParentOrigin() {
const locationAreDisctint = (window.location !== window.parent.location);
const parentOrigin = ((locationAreDisctint ? document.referrer : document.location) || "").toString();
if (parentOrigin) {
return new URL(parentOrigin).origin;
}
const currentLocation = document.location;
if (currentLocation.ancestorOrigins && currentLocation.ancestorOrigins.length) {
return currentLocation.ancestorOrigins[0];
}
return "";
}
This code, should work on Chrome and Firefox.
var url = (window.location != window.parent.location) ? document.referrer: document.location;
I found that the above example suggested previously worked when the script was being executed in an iframe however it did not
retrieve the url when the script was executed outside of an iframe,
a slight adjustment was required:
var url = (window.location != window.parent.location) ? document.referrer: document.location.href;
I've had issues with this. If using a language like php when your page first loads in the iframe grab $_SERVER['HTTP_REFFERER'] and set it to a session variable.
This way when the page loads in the iframe you know the full parent url and query string of the page that loaded it. With cross browser security it's a bit of a headache counting on window.parent anything if you you different domains.
I've found in the cases where $_SERVER['HTTP_REFERER'] doesn't work (I'm looking at you, Safari), $_SERVER['REDIRECT_SCRIPT_URI'] has been a useful backup.
Assuming you get to tell the parent page how to set up the iframe, to easily but insecurily get the full URL with a path and URL parameters, include referrerpolicy="unsafe-url" when specifying the iframe:
<iframe src="https://example.com/innersite" referrerpolicy="unsafe-url" title="My Title"></iframe>
Then you can get the full original URL with:
document.referrer
Many of the other answers only work when the iframe src is the same as the parent's domain.
Fallbacks:
In case there are security issues, you could do a fallback like https://stackoverflow.com/a/5697801/1226799 says where the parent explicitly sends its URL in a URL parameter for the iframe URL, but an attacker could easily fake that.
I believe you could also use message passing and check the origin of the event: https://stackoverflow.com/a/61548595/1226799
I couldnt get previous solution to work but I found out that if I set the iframe scr with for example http:otherdomain.com/page.htm?from=thisdomain.com/thisfolder then I could, in the iframe extract thisdomain.com/thisfolder by using following javascript:
var myString = document.location.toString();
var mySplitResult = myString.split("=");
fromString = mySplitResult[1];
The problem with the PHP $_SERVER['HTTP_REFFERER'] is that it gives the fully qualified page url of the page that brought you to the parent page. That's not the same as the parent page, itself. Worse, sometimes there is no http_referer, because the person typed in the url of the parent page. So, if I get to your parent page from yahoo.com, then yahoo.com becomes the http_referer, not your page.
In chrome it is possible to use location.ancestorOrigins
It will return all parent urls
This worked for me to access the iframe src url.
window.document.URL
I know his is super old but it blows my mind no one recommended just passing cookies from one domain to the other. As you are using subdomains you can share cookies from a base domain to all subdomains just by setting cookies to the url .basedomain.com
Then you can share whatever data you need through the cookies.
Get All Parent Iframe functions and HTML
var parent = $(window.frameElement).parent();
//alert(parent+"TESTING");
var parentElement=window.frameElement.parentElement.parentElement.parentElement.parentElement;
var Ifram=parentElement.children;
var GetUframClass=Ifram[9].ownerDocument.activeElement.className;
var Decision_URLLl=parentElement.ownerDocument.activeElement.contentDocument.URL;