What I need : I want to inject scripts in to all iframes (windows) presented in a web page (as part of my chrome extension development).
While doing so I am accessing iframe element contentDocument property, its causing the below error mentioned.
Error: Error: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "xxx.com" from accessing a cross-origin frame. at Error (native) at checkLoaded (chrome-extension://hkdhfkdhfkdhfkdhfkdhfkdhkdkd/js/app.js:152:33)
Error: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "xxx.com" from accessing a cross-origin frame. at Error (native) at checkLoaded (chrome-extension://hkdhfkdhfkdhfkdhfkdhfkdhkdkd/js/app.js:152:33)
I know we can't access elements or frames that have a different domain. But that is not the case in my scenario.
How I verified it:
Protocol = https (Not able mention it as part of URLs as stackoverflow is not allowing me do so)
iframe.src = xxx.com/dfg/rty?id=50061000000pOCB&isdtp=vw&inCon…85f85811b751bf4b4a18b5e&IFrameOrigin=https%3A%2F%2Fxxx
iframe.ownerdocument.location.origin = xxx.com
From the above information we can understand both the iframe and its parent document are having same domain.
then I checked the document domain from where I am executing the script (chrome extension content script page), since content script shares the same document as web-page I got the same domain (xxx.com), but the content-script url is different (chrome-extension://kfhdkfdhfildfldf/js/app.js). Do this causing the issue.
Can any one please try to explain me why cross-origin issue is occurring though the domains are same across the iframes.
As I said in the question, my requirement is to inject scripts in to each child window(iframes).
If we add "all_frames":true
then chrome browser will evaluate content-scripts on each iframe, it solves my requirement. From content script by accessing document object I am injecting the scripts.
For more info: access iframe content from a chrome's extension content script
Note: Still I don't know why I am facing cross-origin issue.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.