Permission issues checking if parent site is my parent domain within iframe

I've read several of the questions on this but am still a little confused. For example: OK, I can't post examples because of hyperlink limitations

Here is my exact situation.

I have a site at mydomain.com One of the pages has an iframe to another page at sub.mydomain.com

I am trying to prepare an onload script that if the page is not in an iframe or the parent domain of the page containing the iframe is not mydomain.com then redirect to mydomain.com.

After the initial permission issues I realised the problem with sub domains counting as separate domains.

One of the posts above says that "could each use either foo.mydomain.com or just mydomain.com"

So I tried (for testing): onload="document.domain='mydomain.com';alert(parent.location.href);"

This produced the error (http replaced with lar

Error: Permission denied for <ht开发者_StackOverflow中文版tp://sub.mydomain.net> (document.domain=<http://mydomain.net>) to get property Location.href from <http://mydomain.net> (document.domain has not been set).
Source File: http://sub.mydomain.net/?pageID=1&framed=1
Line: 1

Removing the alert produces no errors.

Maybe I am going about this the wrong way since I do not need to interact with the parent just read its domain if there is one.

A nice simple top.domain. For read only there must be a way so that people can prevent their own pages being used within other people's sites.

You can't (easily) do this because of security restrictions.

This answer from #2771397 might point you in the right direction.

OK, while looking at the error console I still had open when I got home a wee lightbulb lit up. I am pretty new to javascript (can you tell ;) but I thought "If it has try/catch"...

well here is a hack at least to get the name of the top domain and an example of how I will use it in my site to show content only if the page is a frame in the correct domain.

Firstly the header will have the following partially PHP generated function:

function getParentDomain()
{
  try
  {
    var wibble=top.location.href;
  }
  catch(err)
  {
    if (err.message.indexOf('http://mydomain.com')!=-1)
    {
      createCookie('IAmAWomble','value')
    }
  }
}

Basically the value will be something based on the PHP session I think. This will be executed at page load.

If the page is not within the proper site or if javascript is not enabled then the cookie will not be created. PHP will then attempt to read the correct value from the cookie and show the content or an error message as appropriate.

I do see a slight flaw in this for first visit since page load will run after PHP has generated the content but I'm sure I can work around this somehow. I thought I'd post because this is at least what I was initially asking for and that is a way to read the URL of a parent site if it is in a different domain to the site in the frame.

IIUC you want to use the window.parent attribute: “A reference to the parent of the current window or subframe.”
Assumably, window.parent.document.location.host contains the container page URL domain name.