尝试在 JavaScript 中访问 iframe 时出错
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/13446106/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Error trying to access a iframe in JavaScript
提问by redline
I'm trying to call the function SC.Widget from this little API: http://developers.soundcloud.com/docs/api/html5-widget, but I receive this error message in the Chrome inspector and I am stuck there.
我正在尝试从这个小 API 调用 SC.Widget 函数:http: //developers.soundcloud.com/docs/api/html5-widget,但我在 Chrome 检查器中收到此错误消息,我被困在那里。
Unsafe JavaScript attempt to access frame with URL
file://localhost/Users/maxwell/Desktop/test/test.htmlfrom frame withURL
http://w.soundcloud.com/player/?url=http%3A%2F%2Fapi.soundcloud.com%2Ftracks%2F67825032&auto_play=false&show_artwork=true&color=ff7700.The frame requesting access has a protocol of 'http', the frame being accessed has a protocol of 'file'. Protocols must match.
不安全的 JavaScript 尝试
file://localhost/Users/maxwell/Desktop/test/test.html从带有 URL的框架中访问带有 URL 的框架
http://w.soundcloud.com/player/?url=http%3A%2F%2Fapi.soundcloud.com%2Ftracks%2F67825032&auto_play=false&show_artwork=true&color=ff7700.请求访问的帧具有“http”协议,被访问的帧具有“文件”协议。协议必须匹配。
<body>
<iframe id="soundcloud" width="100%" height="166" scrolling="no" frameborder="no"
src="http://w.soundcloud.com/player/?url=http%3A%2F%2Fapi.soundcloud.com%2Ftracks%2F67825032&auto_play=false&show_artwork=true&color=ff7700"></iframe>
<script>
Soundcloud();
</script>
</body>
function Soundcloud() {
var widget1 = SC.Widget(iframeElement.soundcloud);
alert("widget1");
}
I know it's doing this for security reasons, but how do I modify the SoundCloud widget if I can't access the frame?
我知道这样做是出于安全原因,但是如果我无法访问框架,我该如何修改 SoundCloud 小部件?
Thank you for helping!
谢谢你的帮忙!
回答by redline
When accessing an iframe with JavaScript or making any JSON AJAX requests, you can only get access or a response when they are on the same domain. Otherwise, the server must explicitly set:
使用 JavaScript 访问 iframe 或发出任何 JSON AJAX 请求时,您只能在它们位于同一域中时获得访问权限或响应。否则,服务器必须显式设置:
Access-Control-Allow-Origin: *
访问控制允许来源:*
in the headers. You can also provide a comma-separated list of allowed domains instead of *.
在标题中。您还可以提供以逗号分隔的允许域列表而不是 *。
So you must test this in a development environment where the web page and data source are on the same domain, such as localhost, otherwise there isn't really anything else you can do unless you start-up chrome with --disable-web-security
因此,您必须在网页和数据源位于同一域(例如 localhost)的开发环境中对此进行测试,否则除非您使用 --disable-web- 启动 chrome,否则您实际上无能为力安全
回答by Tom Estlack
You could add this to your iframe
您可以将此添加到您的 iframe
sandbox="allow-same-origin allow-scripts"
not supported in opera though - new item from w3schools. It will take care of the error, but it will break the player.
虽然在歌剧中不受支持 - w3schools 的新项目。它会处理错误,但会破坏播放器。
