I have an iframe on my page P1 which is hosted on server S1. On runtime, i do iframe.src=
to load page P2 hosted on server S2 inside the iframe.
I know about CORS and on server S2 for page P2, I've already set Access-Control-Allow-Origin: *
and I can confirm the same on response header when I check it in browser.
Now the page P2 and all it's assets load just file, but the moment I try to access P2's DOM from P1 using window.frames["iframe"].document
, it throws permission error.
Even though I'm setting Access-Control-Allow-Origin: *
on server S2, why am I still unable to access P2's DOM? Is this the way Access-Control-Allow-Origin: *
is supposed to work?