不安全的 JavaScript 尝试使用 URL 访问框架
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/4324108/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Unsafe JavaScript attempt to access frame with URL
提问by Atul
I am getting the below error when i try to set a hash value to the parent url from iframe which contains another domain url:
当我尝试从包含另一个域 url 的 iframe 为父 url 设置哈希值时,出现以下错误:
Unsafe JavaScript attempt to access frame with URL "URL1" from frame with URL "URL2". Domains, protocols and ports must match.
不安全的 JavaScript 尝试从 URL“URL2”的框架访问 URL“URL1”的框架。域、协议和端口必须匹配。
How can I fix this problem?
我该如何解决这个问题?
回答by Sean Kinsey
From a child document of different origin you are not allowed access to the top window's location.hashproperty, but you are allowed to set the locationproperty itself.
不允许从不同来源的子文档访问顶部窗口的location.hash属性,但可以设置location属性本身。
This means that given that the top windows location is http://example.com/page/, instead of doing
这意味着鉴于顶部窗口位置是http://example.com/page/,而不是执行
parent.location.hash = "#foobar";
you do need to know the parents location and do
你确实需要知道父母的位置并且做
parent.location = "http://example.com/page/#foobar";
Since the resource is not navigated this will work as expected, only changing the hash part of the url.
由于资源未导航,这将按预期工作,仅更改 url 的哈希部分。
If you are using this for cross-domain communication, then I would recommend using easyXDMinstead.
如果您将其用于跨域通信,那么我建议您改用easyXDM。
回答by EvilMM
Crossframe-Scripting is not possible when the two frames have different domains -> Security.
当两个框架具有不同的域 -> 安全性时,跨框架脚本是不可能的。
See this: http://javascript.about.com/od/reference/a/frame3.htm
看到这个:http: //javascript.about.com/od/reference/a/frame3.htm
Now to answer your question: there is no solution or work around, you simply should check your website-design why there must be two frames from different domains that changes the url of the other one.
现在回答您的问题:没有解决方案或变通方法,您只需检查您的网站设计为什么必须有来自不同域的两个框架来更改另一个的 url。
回答by Tommy
I was getting the same error message when I tried to chamge the domain for iframe.src.
当我尝试更改 iframe.src 的域时,我收到了相同的错误消息。
For me, the answer was to change the iframe.src to a url on the SAME domain, but which was actually an html re-direct page to the desired domain. The other domain then showed up in my iframe without any errors.
对我来说,答案是将 iframe.src 更改为相同域上的 url,但这实际上是一个 html 重定向页面到所需域。然后另一个域出现在我的 iframe 中,没有任何错误。
Worked like a charm. :)
像魅力一样工作。:)
回答by Tommy
A solution could be to use a local file which retrieves the remote content
解决方案可能是使用检索远程内容的本地文件
remoteInclude.php
远程包含.php
<?php
$url = $_GET['url'];
$contents = file_get_contents($url);
echo $contents;
The HTML
HTML
<iframe frameborder="1" id="frametest" src="/remoteInclude.php?url=REMOTE_URL_HERE"></iframe>
<script>
$("#frametest").load(function (){
var contents =$("#frametest").contents();
});
回答by Luke Alderton
I found that using the XFBML version of the Facebook like button instead of the HTML5 version fixed this problem. Add the below code where you want the button to appear:
我发现使用 XFBML 版本的 Facebook 点赞按钮而不是 HTML5 版本解决了这个问题。在您希望按钮出现的位置添加以下代码:
<div id="fb-root"></div>
<script>(function (d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>
<fb:like send="true" layout="button_count" width="50" show_faces="false" font="arial"></fb:like>
Then add this to your HTML tag:
然后将其添加到您的 HTML 标签中:
xmlns:fb="http://ogp.me/ns/fb#"
回答by user2345833
The problem is even if you create a proxy or load the content and inject it as if it's local, any scripts that that content defines will be loaded from the other domain and cause cross-domain problems.
问题是,即使您创建代理或加载内容并将其注入,就好像它是本地的一样,该内容定义的任何脚本都将从其他域加载并导致跨域问题。
