stackoom
  简体   繁体   中英

Cross-origin frame issue while accessing the iframe contentDocument property

 原文  2016-01-08 05:47:41       javascript/ security/ iframe/ google-chrome-extension

Question

What I need : I want to inject scripts in to all iframes (windows) presented in a web page (as part of my chrome extension development).

While doing so I am accessing iframe element contentDocument property, its causing the below error mentioned.

Error: Error: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "xxx.com" from accessing a cross-origin frame. at Error (native) at checkLoaded (chrome-extension://hkdhfkdhfkdhfkdhfkdhfkdhkdkd/js/app.js:152:33) Error: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "xxx.com" from accessing a cross-origin frame. at Error (native) at checkLoaded (chrome-extension://hkdhfkdhfkdhfkdhfkdhfkdhkdkd/js/app.js:152:33)

I know we can't access elements or frames that have a different domain. But that is not the case in my scenario.

How I verified it: 

Protocol = https (Not able mention it as part of URLs as stackoverflow is not allowing me do so)

iframe.src = xxx.com/dfg/rty?id=50061000000pOCB&isdtp=vw&inCon…85f85811b751bf4b4a18b5e&IFrameOrigin=https%3A%2F%2Fxxx

iframe.ownerdocument.location.origin = xxx.com

From the above information we can understand both the iframe and its parent document are having same domain.

then I checked the document domain from where I am executing the script (chrome extension content script page), since content script shares the same document as web-page I got the same domain (xxx.com), but the content-script url is different (chrome-extension://kfhdkfdhfildfldf/js/app.js). Do this causing the issue.

Can any one please try to explain me why cross-origin issue is occurring though the domains are same across the iframes.

1 answers

solution1
 0 ACCPTED  2016-01-08 09:11:48

As I said in the question, my requirement is to inject scripts in to each child window(iframes).

If we add "all_frames":true then chrome browser will evaluate content-scripts on each iframe, it solves my requirement. From content script by accessing document object I am injecting the scripts.

For more info: access iframe content from a chrome's extension content script

Note: Still I don't know why I am facing cross-origin issue.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Iframe Cross-Origin Issue Cross-Origin issue with iFrame for chrome extension SecurityError: Blocked a frame with origin from accessing a cross-origin frame Blocked a frame with origin “file://” from accessing a cross-origin frame how can I access iframe.contentDocument to get response after cross-origin request? Uncaught DOMException: Blocked a frame with origin “http://localhost:8080” from accessing a cross-origin frame while listing the iframes in page Accessing a parent object from an iframe (cross-origin) SCORM: SecurityError: Blocked a frame with origin from accessing a cross-origin frame FOR SAME ORIGIN how to solve iframe's cross-origin issue? Unable to get frame content, Uncaught DOMException: Blocked a frame with origin "null" from accessing a cross-origin frame
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM