Open Bug 1554491 Opened 5 years ago Updated 2 years ago

Can't access prototype of objects that were received from an iframe exported object

Categories

(Core :: DOM: Core & HTML, defect, P3)

Product:
Core
Component:
DOM: Core & HTML
Version:
67 Branch
Type:
defect

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: haimh, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/74.0.3729.157 Safari/537.36

Steps to reproduce:

I have an iframe with domain 'xxx.main.com'
I'm loading it in 'main.com'
In the iframe, there is some code that does
document.domain = 'main.com'
from the iframe, I get an object (iframeElement.contentDocument.someObject).
Then I use someObject.getObject().
When I try to access any property of the prototype or when I try to clone it using lodash I get error https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Errors/Property_access_denied

Actual results:

I get https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Errors/Property_access_denied

Expected results:

Everything should continue working the same as before

From here:
https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy#Changing_origin
Note: When using document.domain to allow a subdomain to access its parent securely, you need to set document.domain to the same value in both the parent domain and the subdomain. This is necessary even if doing so is simply setting the parent domain back to its original value. Failure to do this may result in permission errors.

Hi @Haim, please provide a TC - a link or something that will help to test the issue. Thanks

Flags: needinfo?(haimh)
Component: Untriaged → DOM: Core & HTML
Product: Firefox → Core

Not waiting for the required information for 2 months, closing IMCOMPLETE.
Dear reporter, feel free to reopen this when you get a chance getting back to us here. Thanks!

Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → INCOMPLETE

Hey
We were able to overcome this error so it became low priority.
I can't set up an environment to check it out, but I can give you all of the info you need.

  1. create a site with domain XXX that has function on window createObject that returns a new object
  2. create a site in subdomain of XXX
  3. in subdomain.XXX add js that changes document.domain to be XXX ( https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy#Changing_origin)
  4. In subdomain.XXX load XXX in iFrame.
  5. in subdomain.XXX access iframeElement, get window and use create new object method.
  6. returned object prototype has restricted access which shouldn't be according to the link in #3
Flags: needinfo?(haimh)
Status: RESOLVED → UNCONFIRMED
Resolution: INCOMPLETE → ---
Priority: -- → P3
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.