Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/5660116/

Time: 2020-10-25 17:57:01  Source: igfitidea

Unsafe JavaScript attempt to access frame in Google Chrome

Tags: javascript, security, google-chrome, iframe

Asked by Kayote

Our web application (based on HTML5, SVG & JS) runs fine in all the browsers except Google Chrome.

In Google Chrome, the normal javascript events run fine, however, all the javascript events attached to the iFrame are not executed. We get the error in the console:

Unsafe JavaScript attempt to access frame

At the moment, the application is locally hosted and this problem cropped up during inhouse testing.

Googling this brings up lots of posts but none suggests any concrete solution. Any suggestions?

Answered by Justin

As an additional security measure, Chrome treats every "file" path as its own origin rather than treating the entire "file" scheme as a single origin (which is what other browsers do). This behavior applies only to "file" URLs and you can force Chrome to revert to a single local origin (like other browsers) by passing the --allow-file-access-from-files switch at startup.

You can find more information on the risks associated with local origins described here: http://blog.chromium.org/2008/12/security-in-depth-local-web-pages.html

Answered by Vladislav Zorov

Please make sure that both the iframe and main page are using the same protocol (i.e. both https or both http, but not mixed) and are on the same domain (i.e. both www.example.com and not example.com and dev.example.com). Also there's the possibility that something tries to use the file:// protocol, which will also cause this message.
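
The checks both answers describe, as an added example that is not part of the original question or answers: a function that compares the parent and frame URLs the way the same-origin policy does, including Chrome's per-path file: origins. The name `checkFrameAccess`, its option name and the sample URLs are assumptions made for illustration; the port comparison is part of the same-origin rule although the answers mention only protocol and domain.

```javascript
// Added example: models the same-origin check that decides whether a parent
// page's script may reach into an iframe. Names and URLs are illustrative.
function checkFrameAccess(parentUrl, frameUrl, { allowFileAccessFromFiles = false } = {}) {
  const parent = new URL(parentUrl);
  const frame = new URL(frameUrl);
  const blocked = (reason, detail) => ({ allowed: false, reason, detail });

  if (parent.protocol !== frame.protocol) {
    return blocked('scheme', `${parent.protocol} vs ${frame.protocol}`);
  }
  if (parent.protocol === 'file:') {
    // Chrome's default: every file: path is its own origin. The switch from
    // the first answer collapses them back into one local origin.
    return allowFileAccessFromFiles
      ? { allowed: true, reason: 'single-file-origin', detail: 'switch set' }
      : blocked('file-origin', 'each file: path is a separate origin');
  }
  if (parent.hostname !== frame.hostname) {
    return blocked('host', `${parent.hostname} vs ${frame.hostname}`);
  }
  // URL.port is '' for the scheme's default port, so :80 and no port match.
  if (parent.port !== frame.port) {
    return blocked('port', `${parent.port || 'default'} vs ${frame.port || 'default'}`);
  }
  return { allowed: true, reason: 'same-origin', detail: parent.origin };
}

// Constructed sample pairs: [parent page, iframe src].
const SAMPLES = [
  ['file:///C:/app/index.html', 'file:///C:/app/frame.html'],
  ['https://www.example.com/', 'http://www.example.com/frame.html'],
  ['http://example.com/', 'http://dev.example.com/frame.html'],
  ['http://localhost:8000/index.html', 'http://localhost:8000/frame.html'],
];

for (const [parentUrl, frameUrl] of SAMPLES) {
  const r = checkFrameAccess(parentUrl, frameUrl);
  console.log(`${r.allowed ? 'OK     ' : 'BLOCKED'} ${r.reason.padEnd(12)} ${parentUrl} -> ${frameUrl}`);
}
```

Serving both pages from one local HTTP origin, as in the last sample pair, avoids the file: restriction without starting Chrome with the switch.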
