javascript - 当来源不相同时，从iframe获取网址(Get url from iframe when origin is not the same)

Question

(The bounty expires in 4 days) .

((赏金将 在4天后过期)

。) Answers to this question are eligible for a +50 reputation bounty.

(这个问题的答案有资格获得+50声望奖励。)

Laurent is looking for an (answer from a reputable source) : I need to find a way to get the url in an easy way for the user.

(洛朗（Laurent）正在寻找(一个有信誉的来源)

的

(答案)

：我需要找到一种以简单的方式为用户获取url的方法。) It just needs to work, it is okay if the answer is a whole workaround.

(它只是需要工作，如果答案是一个完整的解决方法，这是可以的。)

I want to get the URL from an iframe when the user redirects by clicking links in the iframe.

(当用户通过单击iframe中的链接进行重定向时，我想从iframe中获取URL。)

The source of the iframe is not the same as the web application.

(iframe的来源与Web应用程序不同。)

For example:

(例如：)

<iframe src="startingUrl" class="embed-responsive-item" id="iframe" sandbox="" allowfullscreen</iframe>

I add a load listener on the iframe to detect when the user redirects to other urls in this iframe:

(我在iframe上添加了一个加载侦听器，以检测用户何时重定向到该iframe中的其他网址：)

const iframe = document.getElementById("iframe");

iframe.addEventListener("load", (evt) => {
    const location = iframe.contentWindow.location;

    console.log(location); // this gives me a Location object where I can see the href property
    console.log(location.href); // this gives me a SecurityError: Permission denied to get property "href" on cross-origin object, I also tried to get a copy of the object but that doesn't work either.
});

I know what causes this problem and I also know it is not possible.

(我知道是什么原因导致了这个问题，并且我也知道这是不可能的。)

But I need to find a way to get the current URL of the page.

(但是我需要找到一种获取页面当前URL的方法。)

If this is a no go then I want that the user who uses this web application can copy the url of the iframe and put it in an input field.

(如果不行，那么我希望使用该Web应用程序的用户可以复制iframe的网址并将其放在输入字段中。)

Now they can do "View frame source" in chrome and This frame: view frame source or info in Firefox.

(现在他们可以在chrome和This frame中执行“查看框架源”：在Firefox中查看框架源或信息。)

But this is too complicated for the user.

(但这对于用户来说太复杂了。)

Is there a way they can see the URL in the iFrame or a way for the user to get the URL simpler.

(他们有没有办法在iFrame中看到URL或用户使URL变得更简单的方法。)

The site in the iFrame is not mine.

(iFrame中的网站不是我的。)

All help is much appreciated!

(非常感谢所有帮助！)

  ask by Laurent translate from so

Answer 1

Short answer : This is a no go, unless you have the support of the other site in your iframe and they are willing to add the code in @??? answer.

(简短答案 ：除非您在iframe中获得其他网站的支持，并且他们愿意在@???答案中添加代码，否则这是不可行的。)

Longer answer : You could set up a proxy server to inject the required code to make this work, but then you will run into legal and ethical difficulties, so I am not going to explain how to do that in depth.

(更长的答案 ：您可以设置代理服务器以注入所需的代码来完成此工作，但是您会遇到法律和道德上的困难，因此我将不深入说明如何做到这一点。)

Another approach might be to create a browser extension and have your users install that.

(另一种方法可能是创建一个浏览器扩展并让您的用户安装它。)

Again I should point out FaceBook has in the past ran into ethical difficulties taking this approach.

(我要再次指出，FaceBook过去采用这种方法遇到了道德上的困难。)

Ultimately their are very good security reasons why the browser stops you doing this and you should probably respect those reasons and not do it.

(归根结底，它们是非常好的安全原因，导致浏览器阻止您执行此操作，并且您应该尊重这些原因，而不应该这样做。)