Google+登录 - 未捕获的SecurityError
[英]Google+ Sign-In - Uncaught SecurityError
问题描述
I'm implementing Google+ Sign-In's hybrid / one-time auth code flow and experiencing this error in Chrome's JS console after the sign-in prompts and granting the app permission, presumably when Google's code tries to call back to the button: 
我正在实施Google+登录的混合/一次性身份验证代码流,并在登录提示并授予应用程序权限后在Chrome的JS控制台中遇到此错误,可能是在Google的代码尝试回拨按钮时:
Uncaught SecurityError: Blocked a frame with origin "https://ww2.fa.org" from accessing a frame with origin "https://accounts.google.com". Protocols, domains, and ports must match.
This does not seem to occur in Safari or IE and a similar permission error occurs sometimes in Firefox, but is reproducible more often than not in Chrome. 在Safari或IE中似乎没有出现这种情况,并且有时在Firefox中会出现类似的权限错误,但在Chrome中可以更频繁地重现。 Refreshing the frame with the sign-in button (after following the google-side prompts) will usually result in the refreshed button "knowing" that the sign-in was successful a call to the success handler... it should always work without a refresh, but just doesn't. 使用登录按钮刷新框架(在遵循谷歌方面的提示之后)通常会导致刷新按钮“知道”登录成功调用成功处理程序...它应始终无需工作刷新,但不是。
Any thoughts? 有什么想法吗? The sign-in is at https://ww2.fa.org/gauth/ and it only requests the email scope if you're inclined to take a look! 登录位于https://ww2.fa.org/gauth/ ,如果您倾向于查看,它只会请求电子邮件范围!
2 个解决方案
解决方案1
16 2014-10-05 20:42:25
The way I got rid of this error message is to add https://accounts.google.com to the AUTHORIZED JAVASCRIPT ORIGINS in your OAuth client settings in Cloud Developers Console under API & auth -> Credentials. 我摆脱这种错误信息的方法是添加https://accounts.google.com到AUTHORIZED JAVASCRIPT ORIGINS在云开发者控制台您的OAuth客户端设置下API和验证] - >凭据。
Update 更新
That actually didn't fix it and the problem resurfaced again when I switched to using gapi.auth.signIn instead of gapi.login.render . 这实际上没有解决它,当我切换到使用gapi.auth.signIn而不是gapi.login.render时,问题又重新出现了。 The problem as described in the comments in this post was that serialization of the g-oauth-window attribute of the authResult when sending it to your backend. 如在注释中描述的问题, 这个帖子是的是序列化g-oauth-window的属性authResult把它发送到后端的时候。 Removing that parameter or sending just the attributes you need fixed it for me. 删除该参数或仅发送您需要的属性为我修复它。
var signInCallback = function(authResult) {
delete authResult['g-oauth-window'];
ajaxCallToBackend(authResult);
};
Hope this helps. 希望这可以帮助。
解决方案2
8 2015-06-03 16:32:25
If you get the same error and the above method posted by Adam didn't work for you (it didn't work for myself) try the method below. 如果你得到同样的错误,亚当发布的上述方法对你不起作用(它本身不起作用),请尝试下面的方法。
I overcame the problem by disabling any chrome extensions that I had installed that read and change the rendered HTML and ones that rewrite page headers and inject an sort of JavaScript in to the page. 我通过禁用我已经安装的任何chrome扩展来解决问题,这些扩展读取并更改呈现的HTML以及重写页眉并向页面注入一种JavaScript。
One such extension(the one causing my Blocked a frame with origin "https://apis.google.com" from accessing a frame with origin "https://example.com error) was namely Ripple Emulator (Beta) 0.9.15 A browser based html5 mobile application development and testing tool which "Reads and changes the all your data on the websites you visit" as it states in the extensions permission details. 一个这样的扩展(导致我Blocked a frame with origin "https://apis.google.com" from accessing a frame with origin "https://example.com错误Blocked a frame with origin "https://apis.google.com" from accessing a frame with origin "https://example.com那个)就是Ripple Emulator(Beta)0.9.15基于浏览器的html5移动应用程序开发和测试工具,“在您访问的网站上读取和更改您的所有数据”,如扩展权限详细信息中所述。
Another such extension I disabled was ModHeader 1.2.4 Modify the Request Headers which also "Reads and changes the all your data on the websites you visit". 我禁用的另一个此类扩展是ModHeader 1.2.4修改请求标题,这也是“读取并更改您访问的网站上的所有数据”。
Just have a look at your Chrome extensions and eliminate any you suspect modifying pages. 只需查看您的Chrome扩展程序,即可删除任何可疑的修改页面。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.