堆栈内存溢出
  简体   繁体   English

LinkedIn 登录:阻止了来源为“https://platform.linkedin.com”的框架访问具有来源的框架

[英]LinkedIn Login: Blocked a frame with origin “https://platform.linkedin.com” from accessing a frame with origin

 原文  2016-06-29 07:35:12       javascript/ linkedin/ linkedin-api/ linkedin-jsapi

问题描述

We had Login with LinkedIn code set up and working perfectly with LinkedIn Javascript SDK, where a few days ago we suddenly started to get this:我们设置了 Login with LinkedIn 代码并与 LinkedIn Javascript SDK 完美配合,几天前我们突然开始得到这个:

Blocked a frame with origin "https://platform.linkedin.com" from accessing a frame
with origin "https://OUR_SITE". Protocols, domains, and ports must match.

And login does not complete (it returns from LinkedIn to our page and waits forever).并且登录未完成(它从 LinkedIn 返回到我们的页面并永远等待)。 I have no idea why we started to get this error when everything was working perfectly (we haven't changed a single line of code about the login mechanism, or allow origin headers/files, or LinkedIn settings etc) but I decided to add platform.linkedin.com to allow origin header:我不知道为什么当一切正常时我们开始收到此错误(我们没有更改有关登录机制的一行代码,或允许原始标题/文件或 LinkedIn 设置等)但我决定添加platform.linkedin.com允许源头:

Access-Control-Allow-Origin: https://platform.linkedin.com

I can see the header sent in response correctly.我可以看到响应中正确发送的标头。 However, I'm still getting the very same error .但是,我仍然遇到同样的错误

Why did this start happening and how can we prevent this?为什么会发生这种情况,我们如何防止这种情况发生? I mean, I know Microsoft bought LinkedIn but come on, they can't break it that fast .我的意思是,我知道微软收购了 LinkedIn 但拜托,他们不能那么打破它。

1 个解决方案

解决方案1
 1 已采纳  2016-12-08 22:04:29

Seems like it's broken forever.好像永远坏掉了。

I've ended up giving up on LinkedIn SDK completely, and using vanilla JS to open up a window, check for it's events, redirect back to my own domain (to be able to read window location and not hit into a browser sandbox) and read the token from there and use the token to manually do whatever I do.我最终完全放弃了 LinkedIn SDK,并使用 vanilla JS 打开一个窗口,检查它的事件,重定向回我自己的域(以便能够读取窗口位置而不是进入浏览器沙箱)和从那里读取令牌并使用令牌手动执行我所做的任何事情。

I've never seen a company care less about their own developer platform, but again, at least, as a developer I can tell you that you can implement the "Login with LinkedIn" mechanism by hand.我从来没有见过一家公司对自己的开发者平台不那么关心,但至少,作为开发者,我可以告诉你,你可以手动实现“使用 LinkedIn 登录”机制。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 阻止了具有起源的帧访问具有起源的帧 - Blocked a frame with origin from accessing a frame with origin 未捕获的安全错误:阻止了来源为“https://www.google.com”的框架访问来源为“http://my.site.com”的框架。 - Uncaught SecurityError: Blocked a frame with origin “https://www.google.com” from accessing a frame with origin “http://my.site.com”. 阻止具有原点“file://”的帧访问跨源帧 - Blocked a frame with origin “file://” from accessing a cross-origin frame SecurityError:阻止具有源的框架访问跨域框架 - SecurityError: Blocked a frame with origin from accessing a cross-origin frame 未捕获到的SecurityError:阻止了具有原点的框架…无法访问具有原点的框架 - Uncaught SecurityError: Blocked a frame with origin … from accessing a frame with origin 阻止框架访问来源为“https://www.paypal.com”的框架。 协议、域和端口必须匹配。 这是什么意思? - Blocked a frame from accessing a frame with origin “https://www.paypal.com”. Protocols, domains, and ports must match. What does this mean? 阻止访问跨源框架 - Blocked from accessing a cross origin frame 为什么我 *inconsistently* 得到 DOMException: Blocked a frame with origin "https://ec2b.foo.com" from access a cross-origin frame - Why do I *inconsistently* get DOMException: Blocked a frame with origin “https://ec2b.foo.com” from accessing a cross-origin frame 从访问框架中阻止了原始“http://video.sasads.com”的框架 - Blocked a frame with origin “http://video.sasads.com” from accessing a frame SCORM: SecurityError: Blocked a frame with origin from access a cross-origin frame FOR SAME ORIGIN - SCORM: SecurityError: Blocked a frame with origin from accessing a cross-origin frame FOR SAME ORIGIN
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM