jQuery UI Widgets › Forums › Layouts › Splitter › Uncaught SecurityError: Blocked a frame with origin
Tagged: Blocked a frame with origin, CORS, domain, iframe, jqxsplitter, jqxsplitter iframe Uncaught SecurityError origin Blocked a frame with origin, origin, protocol, splitter
This topic contains 6 replies, has 4 voices, and was last updated by buffetirv 2 years, 11 months ago.
-
Author
-
Hi all..
I used jqxsplitter in an iframe on diffrent domain than the page domain.
but i got this problem:Uncaught SecurityError: Blocked a frame with origin “http://domaine1.com” from accessing a frame with origin “http://domaine2.com”. Protocols, domains, and ports must match. : jqxsplitter.js:7
Any idea how to resolve this problem.
Hello Mohammad.zconsulting,
This is not an issue related to jQWidgets. For more information about it, please refer to the following Stack Overflow topic: http://stackoverflow.com/questions/25098021/securityerror-blocked-a-frame-with-origin-from-accessing-a-cross-origin-frame.
Best Regards,
DimitarjQWidgets team
http://www.jqwidgets.com/Hello Dimitar
Thanks for the fast response!
instance.createInstance(args);
Throws the error in $.jqx.applyWidget jqxcore.js
What is happening in there to be calling CORS stuff? I am running all kinds of JavaScript and accessing images other javascript files and everything inside of an iframe that houses the Layout Widget and yet this code throws the error. Everything seems to come through and looks OK but the code throws the error.
What does createInstance do that is trying to make a request across domains?
Actually I meant across protocols not domains.
Actual message:
“Blocked a frame with origin “http://” from accessing a frame with origin “file://”. The frame requesting access has a protocol of “http”, the frame being accessed has a protocol of “file”. Protocols must match. applyWidget jqxcore.jsHello CaptainBli,
The error is the same as explained in the aforementioned Stack Overflow topic. We are not sure why it is triggered by calling a jQWidgets-related code, but if you wish, you can share the relevant parts of your source code so that we can review them and provide feedback. However, we recommend addressing the actual reason for the error to be thrown – having iframes with different protocols.
Best Regards,
DimitarjQWidgets team
http://www.jqwidgets.com/Same-Origin Policy (SOP) restricts how a document or script loaded from one origin can interact with a resource from another origin. For example, when Site X tries to fetch content from Site Y in a frame, by default, Site Y’s pages are not accessible due to security reasons, it would be a huge security flaw if you could do it.
How to solve?
The window.postMessage() method provides a controlled mechanism to securely circumvent this restriction. The window.postMessage() safely enables cross-origin communication between Window objects; e.g: between a page and an iframe embedded within it.
const frame = document.getElementById(‘your-frame-id’);
frame.contentWindow.postMessage(/*any variable or object here*/, ‘http://your-second-site.com’);The window.postMessage is available to JavaScript running in chrome code (e.g., in extensions and privileged code), but the source property of the dispatched event is always null as a security restriction. (The other properties have their expected values.)
-
AuthorPosts
You must be logged in to reply to this topic.