Chrome blocks different origin requests
Question
When script tries to access a frame from a different origin Chrome blocks it and throws exception as
"Uncaught SecurityError: Blocked a frame with origin 'provider domain' from accessing a frame with origin 'mydomain'. Protocols, domains, and ports must match".
I got this error after some update in google chrome. Any suggestions?
2 answers
solution1
23 2013-11-07 13:40:49
Direct Javascript calls between frames and/or windows are only allowed if they conform to the same-origin policy . If your window and iframe share a common parent domain you can set document.domain to " domain lower ") one or both such that they can communicate. Otherwise you'll need to look into something like the postMessage() API .
solution2
5 2013-11-07 15:07:28
This is a security update. If an attacker can modify some file in the web server (the JS one, for example), he can make every loaded pages to download another script (for example to keylog your password or steal your SessionID and send it to his own server).
To avoid it, the browser check the Same-origin policy
Your problem is that the browser is trying to load something with your script (with an Ajax request) that is on another domain (or subdomain). To avoid it (if it is on your own website) you can:
- Copy the element on your own server (but it will be static).
- You can change your HTTP header to accept Cross-Origin content. See the Access-Control-Allow-Origin documentation for more information.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.