javascript 使用相同的域阻止了具有源的框架访问跨源框架
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/28348587/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
blocked a frame with origin from accessing a cross-origin frame Using the same domain
提问by ricardo
Hi I am having a problem with this message.
您好,我遇到了这条消息的问题。
the url from my MAIN page is:
我的主页上的网址是:
page1.mydomain.com/page1.html
this page have a Iframe to:
此页面有一个 Iframe:
frame.mydomain.com/iframe.html
and from the main page I open a window from a another page like that:
从主页上,我从另一个页面打开一个窗口,如下所示:
mywindow = window.open("http://page1.mydomain.com/page3.html", 'page3', 'status=1,height=768,width=1280,scrollbars=1');
all the 3 pages have set the javascript:
所有 3 个页面都设置了 javascript:
document.domain = "mydomain.com";
I can interact from the main page to the iframe without a problem. I only have problem to access the window.open properties.
我可以毫无问题地从主页到 iframe 进行交互。我只有访问 window.open 属性时遇到问题。
Like:
喜欢:
mywindow.document.getElementById("something")
I got that error message.
我收到了那个错误信息。
blocked a frame with origin from accessing a cross-origin frame
if I try from the page3:
如果我从 page3 尝试:
window.opener.document.getElementById("somethingPage1")
I got the same error:
我得到了同样的错误:
blocked a frame with origin from accessing a cross-origin frame
Why I can interact with the iframe and can't interact with the window.open and the window.opener ?
为什么我可以与 iframe 交互而不能与 window.open 和 window.opener 交互?
回答by Ankit Senjaliya
In my case domain names were different and I solved it by replacing client's domain with the parent's domain name. You can try that if domain name is not matter in child(popup) windows. What you are trying to access window.opener.document.getElementById() won't work. It will raise security error as you posted. Best way to do is make both the URLs under the same Domain Name if it's possible. Or just for the development you can install extension "Allow-Control-Allow-Origin:" in Chrome it will work.
在我的情况下,域名是不同的,我通过用父域名替换客户端的域来解决它。如果域名在子(弹出)窗口中无关紧要,您可以尝试。您试图访问 window.opener.document.getElementById() 的内容将不起作用。当您发布时,它会引发安全错误。如果可能,最好的方法是将两个 URL 放在同一个域名下。或者只是为了开发,您可以在 Chrome 中安装扩展“Allow-Control-Allow-Origin:”它会起作用。
