I have the following pages:
www.aaa.com/a.html
<input onClick=parent.miFunction() />
www.bbb.com/b.html
<script>
miFunction(){
alert("sss")
}
</script>
<iframe src="www.aaa.com/a.html"> </iframe>
The problem happend when somebody presses the button in www.aaa.com/a.html. The console logs the following error:
live:1 Uncaught DOMException: Blocked a frame with origin "www.aaa.com" from accessing a cross-origin frame.
at HTMLButtonElement.onclick (www.aaa.com/a.html:1:8)
Thank you!
Related
When I click the box to confirm I am not a robot, the blue spinner starts spinning but never stops. Eventually the error "Error: Permission denied to access property" appears in the browser console, followed by a (seemingly) random 10 -15 character string, e.g. "rne4xiajwyh".
My code:
<script type="text/javascript">
var onloadCallback = function() {
grecaptcha.render('html_element', {
'sitekey' : 'my_site_key'
});
};
</script>
<form action="#" method="POST">
<div id="html_element"></div>
<br>
<input type="submit" value="Submit">
</form>
<script src="https://www.google.com/recaptcha/api.js?onload=onloadCallback&render=explicit"
async defer>
</script>
I'm struggling to fix this as I can't find any solutions online, and am unsure how to debug it. Any help would be much appreciated.
Thanks
EDIT: Error message in chrome:
Uncaught DOMException: Blocked a frame with origin "https://www.google.com" from accessing a cross-origin frame.
at Dp.f.Ub (https://www.gstatic.com/recaptcha/api2/r20170213115309/recaptcha__pl.js:349:353)
at Dp.vb (https://www.gstatic.com/recaptcha/api2/r20170213115309/recaptcha__pl.js:345:59)
<head>
...
<META HTTP-EQUIV="Access-Control-Allow-Origin" CONTENT="http://www.example.org">
...
</head>
Error: Permission denied to access property “document”
It looks like you have to allow cross domain requests:
If you run apache (it might also be pasted in the .htaccess):
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin https://www.gstatic.com
</IfModule>
Or with php:
header("Access-Control-Allow-Origin: https://www.gstatic.com");
Or with nginx (server part):
add_header Access-Control-Allow-Origin https://www.gstatic.com; # < this is the needed header
SoundCloud SDK v3.1.2
I registered my App approximately 1 year ago.
Today I discovered that my SoundCloud (SC) sign-in stopped working.
When I click on the button the SC pop-up appears with message "Allow “domain.com” access to your SoundCloud account?" I click connect and get the callback pop-up with the message "This popup should automatically close in a few seconds". The callback pop-up never closes. And in the dev console (for the callback pop-up) I see the following errors:
Chrome 55.0.2883.87 m (64-bit)
VM2980 callback.html?code=3717208…&state=SoundCloud_Dialog_508d9:7 Uncaught DOMException: Blocked a frame with origin "http://domain.com" from accessing a cross-origin frame.
at onload (http://domain.com/callback.html?code=3717208cc602aba6cc0195157ecd2b6b&state…8d9#access_token=1-166020-17988851-e8f6b064d7ccd4&scope=non-expiring:7:105)
onload # VM2980 callback.html?code=3717208…&state=SoundCloud_Dialog_508d9:7
Firefox 50.1.0
Error: Permission denied to access property "SC" callback.html:1:1
Learn More
My callback.html:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Connect with SoundCloud</title>
</head>
<body onload="window.setTimeout(window.opener.SC.connectCallback, 1);">
<p>
This popup should automatically close in a few seconds
</p>
</body>
</html>
The JavaScript function (in AngularJS 1.6 component controller) that is triggered by a button on my page:
...
this.connect_sc = function () {
debugger;
// initiate auth popup
SC.connect().then(function () {
debugger;
return SC.get('/me');
}).then(function (me) {
debugger;
userPerma = me.permalink;
setScUi(me.username, me.avatar_url);
getPlaylists();
});
};
...
I tried to debug it putting some breakpoints. Here I don't get SC promise executed, it breaks only on the first debugger; after I click on my button.
Why is that and how to fix it?
Same problem for me.
I fixed it with a redirection. When I was in my website without the "www" it didn't work because the callback is registered with "www".
I added a redirection to only have my website with "www" and now it works well!
Hope it'll help.
I'm doing a site that fetches the stock property from a site and show it on my site.
But i'm having issue in displaying the it.
Here's the code :
<head>
<script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
</head>
<iframe id="frame3" src="http://www.stockpart.net" sandbox="allow-forms allow-scripts allow-same-origin " style="visibility : hidden "></iframe>
<script>
$(document).ready ( function(){
$('#frame3').contents().find('.addClassClose').show();
});
</script>
I'm getting the following errors :
AD BLOCK NOT DETECTED
pop.js:1 rt():in true false tabunder 2
pop.js:1 rt():adv.bind http://serve.popads.net/servePopunder.php?cid=242978
pop.js:1 Uncaught SecurityError: Blocked a frame with origin "http://stockpart.net" from accessing a frame with origin "http://www.example.com". Protocols, domains, and ports must match.
Anyway is there anyway i can fetch information with the other site class/id using jQuery within an iframe?
I found the answer on the post posted by Patrick Evans with some modifications.
<?php
$homepage = file_get_contents('http://stockpart.net');
echo $homepage;
?>
Then put the iframe on the main page to get the stock information
I need to parse a content that is dynamically generated by a javascript from a remote page.
For example, I need to get the price from this page: http://www.alibaba.com/product-detail/BRG-Newest-Fashional-Protective-Case-For_1666645206.html#J-wrapper
but the price is generated by a javascript, so when I download the page with ajax, it downloads only the html file without the results of the scripts.
So I tried to embed in the background an iframe and then parse the document inside this iframe, but there is a security issue that doesn't let me parse it.
Do you know if there is another way I can do it?
The function that I use is this:
$.ajax({
url: url,
dataType: 'text',
success: function(html, _, xhr) {});
but the resulting HTML is without the scripts information, so the price is empty.
I tried to use also:
<html lang="en">
<head>
<meta charset="utf-8">
<title>contents demo</title>
<script src="http://code.jquery.com/jquery-1.10.2.js"></script>
</head>
<body>
<iframe src="http://api.jquery.com/" width="80%" height="600" id="frameDemo"></iframe>
<script>
document.getElementById("frameDemo").onload = function() {
var contents = $( "#frameDemo" ).contents();
}
</script>
</body>
</html>
but I get this error:
Uncaught SecurityError: Failed to read the 'contentDocument' property from 'HTMLIFrameElement':
Blocked a frame with origin "null" from accessing a frame with origin "api.jquery.com".
The frame requesting access has a protocol of "file", the frame being accessed has a protocol of "http".
Protocols must match.
Instead of using an iframe, try using a chrome app webview. It will run in a segregated container without the restrictions you referenced. But you can still communicate with it.
I am using below mentioned script to get href of new opened window, but its not working
Browser FF 7, IE 9, WIN 7
Can someone please let me know what's wrong in the script
Thanks in Advance
Akhil
<html>
<head>
<script type="text/javascript">
function open_win()
{
var mywindow=window.open("http://thesun.co.uk");
var clbutton=document.createElement("button");
var par=document.getElementById("main");
clbutton.setAttribute("id","focus");
clbutton.setAttribute("value","CLICK");
clbutton.innerHTML="CLICK";
par.insertBefore(clbutton,null);
clbutton.onclick=function() {alertMsg(mywindow);}
}
function alertMsg(mywindow)
{
mywindow.focus();
var t=mywindow.location.href;
alert(t);
//mywindow.alert("testing");
mywindow.close();
}
</script>
</head>
<body onload="open_win()">
<p id="main"></p>
</body>
</html>
You can't get the URL of sites that are in a different domain or protocol as the script that you are running. It is due to cross-domain restrictions. Chrome gives you the following error:
Unsafe JavaScript attempt to access frame with URL http://www.thesun.co.uk/sol/homepage/ from frame with URL http://fiddle.jshell.net/_display/. Domains, protocols and ports must match.
I think that it might be because the variable is not set yet. I think you might need a callback to say that the dom is ready for the new window.