Notice: this page is a Chinese-English parallel translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/11569723/

Time: 2020-10-26 13:42:01  Source: igfitidea

Chrome Extension: Unsafe JavaScript attempt to access frame with URL Domains, protocols and ports must match

javascript google-chrome-extension gmail

Asked by Cilvic

This answer explains how to access the content of all iframes on gmail.com: https://stackoverflow.com/a/9439525/222236

But on mail.google.com it throws this error:

Unsafe JavaScript attempt to access frame with URL https://plus.google.com/u/0/_/... from frame with URL https://mail.google.com/mail/u/0/#inbox. Domains, protocols and ports must match.

I tried adding *://plus.google.com/* to the matches of the manifest of the extension, but it didn't help.

Update: Checking for the url before accessing the content works, but my logic is very crude at the moment as it only checks for google plus:

        if(-1==iframes[i].src.indexOf('plus.google.com')) {
            contentDocument = iframes[i].contentDocument;
            if (contentDocument && !contentDocument.rweventsadded73212312) {
                // add poller to the new iframe
                checkForNewIframe(iframes[i].contentDocument);
            }
        }

Accepted answer by Rob W

Access is blocked due to the same origin policy.
The right way to avoid the error is to exclude the frames from a different origin. Your logic is very crude indeed. It does not specifically look in the host name, and it doesn't account for other domains.
Invert the logic to have a robust solution:

if (iframes[i].src.indexOf(location.protocol + '//' + location.host) == 0 ||
    iframes[i].src.indexOf('about:blank') == 0 || iframes[i].src == '') {
    // same origin, or a frame created by the page: access contentDocument as in the question
}

Explanation of this white list:

  • protocol://host/ = https://mail.google.com.
    Obviously, the current host has to be allowed
  • about:blank and an empty string
    These frames are dynamically created and scripted by GMail.
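
An added example, not part of the answer above or of the original post: the answer's prefix test placed next to a comparison of the parsed origin (scheme, host and port), run over constructed src strings. The function names, the sample URLs and the mail.google.com.example.test host are assumptions made up for the demonstration.

```javascript
// Prefix test from the answer above, rewritten to take plain strings.
function prefixAllows(src, protocol, host) {
  return src.indexOf(protocol + '//' + host) === 0 ||
         src.indexOf('about:blank') === 0 || src === '';
}

// Compare the parsed origin instead of a string prefix.
function originAllows(src, pageOrigin) {
  if (src === '' || src === 'about:blank') {
    return true; // frames the page creates and scripts itself
  }
  let parsed;
  try {
    parsed = new URL(src);
  } catch (e) {
    return false; // not an absolute URL: leave the frame alone
  }
  return parsed.origin === pageOrigin;
}

// Constructed sample values; the .example.test host is made up for the demo.
const PAGE = new URL('https://mail.google.com/mail/u/0/#inbox');
const SAMPLE_SRCS = [
  '',
  'about:blank',
  'https://mail.google.com/mail/u/0/?ui=2',
  'https://plus.google.com/',
  'http://mail.google.com/',
  'https://mail.google.com:8443/',
  'https://mail.google.com.example.test/'
];

// One row per src with the verdict of each check.
function compare(srcs) {
  return srcs.map(function (src) {
    return {
      src: src,
      prefix: prefixAllows(src, PAGE.protocol, PAGE.host),
      origin: originAllows(src, PAGE.origin)
    };
  });
}

console.table(compare(SAMPLE_SRCS));
```

In a content script the same check would be called as originAllows(iframes[i].src, location.origin); the two checks disagree only on the last two sample rows, where the host prefix matches but the port or the full host name does not.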

Answer by Oliver Moran

mail.google.com and plus.google.com are not the same domain. JavaScript implementations in modern web browsers do not allow cross-domain scripting.

Without resorting to different kinds of hackery, the correct way to get around this is through CORS (http://en.wikipedia.org/wiki/Cross-origin_resource_sharing), which is not available to you in this circumstance.
