jQuery UI Widgets Forums Layouts Splitter Uncaught SecurityError: Blocked a frame with origin

This topic contains 6 replies, has 4 voices, and was last updated by  buffetirv 1 month, 1 week ago.

Viewing 7 posts - 1 through 7 (of 7 total)
  • Author
  • Hi all..

    I used jqxsplitter in an iframe on diffrent domain than the page domain.
    but i got this problem:

    Uncaught SecurityError: Blocked a frame with origin “http://domaine1.com” from accessing a frame with origin “http://domaine2.com”. Protocols, domains, and ports must match. : jqxsplitter.js:7

    Any idea how to resolve this problem.


    Dimitar
    Participant

    Hello Mohammad.zconsulting,

    This is not an issue related to jQWidgets. For more information about it, please refer to the following Stack Overflow topic: http://stackoverflow.com/questions/25098021/securityerror-blocked-a-frame-with-origin-from-accessing-a-cross-origin-frame.

    Best Regards,
    Dimitar

    jQWidgets team
    http://www.jqwidgets.com/

    Hello Dimitar

    Thanks for the fast response!


    CaptainBli
    Participant

    instance.createInstance(args);

    Throws the error in $.jqx.applyWidget jqxcore.js

    What is happening in there to be calling CORS stuff? I am running all kinds of JavaScript and accessing images other javascript files and everything inside of an iframe that houses the Layout Widget and yet this code throws the error. Everything seems to come through and looks OK but the code throws the error.

    What does createInstance do that is trying to make a request across domains?


    CaptainBli
    Participant

    Actually I meant across protocols not domains.

    Actual message:
    “Blocked a frame with origin “http://” from accessing a frame with origin “file://”. The frame requesting access has a protocol of “http”, the frame being accessed has a protocol of “file”. Protocols must match. applyWidget jqxcore.js


    Dimitar
    Participant

    Hello CaptainBli,

    The error is the same as explained in the aforementioned Stack Overflow topic. We are not sure why it is triggered by calling a jQWidgets-related code, but if you wish, you can share the relevant parts of your source code so that we can review them and provide feedback. However, we recommend addressing the actual reason for the error to be thrown – having iframes with different protocols.

    Best Regards,
    Dimitar

    jQWidgets team
    http://www.jqwidgets.com/


    buffetirv
    Participant

    Same-Origin Policy (SOP) restricts how a document or script loaded from one origin can interact with a resource from another origin. For example, when Site X tries to fetch content from Site Y in a frame, by default, Site Y’s pages are not accessible due to security reasons, it would be a huge security flaw if you could do it.

    How to solve?

    The window.postMessage() method provides a controlled mechanism to securely circumvent this restriction. The window.postMessage() safely enables cross-origin communication between Window objects; e.g: between a page and an iframe embedded within it.

    const frame = document.getElementById(‘your-frame-id’);
    frame.contentWindow.postMessage(/*any variable or object here*/, ‘http://your-second-site.com’);

    The window.postMessage is available to JavaScript running in chrome code (e.g., in extensions and privileged code), but the source property of the dispatched event is always null as a security restriction. (The other properties have their expected values.)

Viewing 7 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic.