PhoneGap + iFrame : Blocked a frame with origin - iframe

I'm trying to resolve a bug, but I can't.
My problem is:
In my PhoneGap application, I need to integrate an iframe (I can't give my URL for safety reasons). My iframe is displayed but I have an error message.
The iframe tries to set cookies on the device and read them. If I launch the iframe in Safari directly or if I use the InAppBrowser of PhoneGap, I have no problem/error. But through a PhoneGap "iframe", I get an error.
The log is:
Blocked a frame with origin "http:// URL_IFRAME:NUMBER_PORT" from accessing a frame with origin "file://". The requesting access has a protocol of "http", the frame being accessed has a protocol of "file". Protocols must match.
I hope to be fairly accurate.
Thanks

Related

Safari blocks iframe on the same top level domain

I have a website running on, let's say, web.test.company.cloud, which has an iframe from another subdomain on the same top-level domain: tasks.test.company.cloud. The iframe uses postMessage to tell the parent document about its height in pixels.
When I open this page in Safari there's a console error saying:
Blocked a frame with origin "https://tasks.test.company.cloud" from accessing a frame with origin "https://web.test.company.cloud". Protocols, domains, and ports must match
It seems that Safari is the only major browser that does this. I find this strange since both documents do share both protocol, domain, and port. While reading about this issue I haven't found any workarounds, so any help on this is appreciated.
Also, will I have the same error in production where parent is running on company.cloud while the iframe is on tasks.company.cloud?
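The height-reporting exchange this question describes, as an added example that is not part of the original post: the parent accepts a height only when the message comes from the expected iframe origin and window and has the expected shape, so neither side has to touch the other's frame directly. The two origins come from the question; the message shape, the size limit, the element id and the function names are assumptions.

```javascript
// Added example: origin-checked postMessage height reporting.
const PARENT_ORIGIN = "https://web.test.company.cloud";   // from the question
const IFRAME_ORIGIN = "https://tasks.test.company.cloud"; // from the question
const MAX_HEIGHT_PX = 10000;                              // assumed sanity limit

// Child side: the message the iframe sends (assumed shape). In the iframe:
//   window.parent.postMessage(buildHeightMessage(h), PARENT_ORIGIN);
// Passing PARENT_ORIGIN instead of "*" keeps other embedders from receiving it.
function buildHeightMessage(heightPx) {
  return { type: "frame-height", height: heightPx };
}

// Parent side: return the height in pixels, or null if the event is not a
// well-formed height message from the expected origin and frame window.
function acceptHeightMessage(event, expectedSource) {
  if (event.origin !== IFRAME_ORIGIN) return null;      // exact origin match
  if (event.source !== expectedSource) return null;     // must be our iframe
  const d = event.data;
  if (d === null || typeof d !== "object") return null;
  if (d.type !== "frame-height") return null;
  if (!Number.isInteger(d.height)) return null;         // rejects "480", NaN
  if (d.height < 0 || d.height > MAX_HEIGHT_PX) return null;
  return d.height;
}

// Browser wiring; skipped when the file is run under Node.js.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  const frame = document.getElementById("tasks-frame"); // hypothetical id
  if (frame) {
    window.addEventListener("message", (event) => {
      const h = acceptHeightMessage(event, frame.contentWindow);
      if (h !== null) frame.style.height = h + "px";
    });
  }
}
```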

How can I get iframe content

How can I download content from iframe?
NOT WORKING
document.getElementById('iframeID'); (shows "object HTMLIFrameElement", not the content)
$(iframeID).contents().find("html").html();
This will not be possible due to the same-origin policy imposed by the browser. You won't be able to access the contents of that iframe unless you are on the same domain.
Some methods will just give you an empty result:
document.getElementById('your-wiki-frame').innerHTML
> ""
document.getElementById('your-wiki-frame').innerText
> ""
Other methods might explicitly tell you about the restriction:
window.frames[0].body
> SecurityError: Permission denied to access property "body" on cross-origin object
This might seem like a pain, but if you're just somebody trying to programmatically access the contents of Wikipedia, you have no need for a browser as an intermediary.
If you really really wanted to use your browser for these shenanigans, you could route all of your traffic through an HTTP proxy you control so that some special path based off 'en.wikipedia.org' (e.g. http://en.wikipedia.org/your-special-page) returns your own site. This way, your browser would accept that the origin of your page was the same as the wikipedia content you are trying to access. Essentially you'd need to perform a man-in-the-middle attack on yourself, and of course it will only work on a network you control, and you'll run into mixed media restrictions if you try to access an iframe served over https from within a page served over http.
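The comparison behind the same-origin policy this answer refers to, as an added example that is not part of the original answer: two URLs share an origin only when scheme, host and port all match exactly, and `file:` URLs have an opaque origin that matches nothing. The function names are assumptions, and the URL pairs are constructed to mirror the console errors quoted on this page.

```javascript
// Added example: same-origin comparison on the (scheme, host, port) tuple.
// Uses only the standard URL class, so it runs in Node.js or a browser console.
const DEFAULT_PORTS = { "http:": "80", "https:": "443" };

// Reduce a URL to its origin tuple, or null for schemes whose origin is
// opaque (file:, data:, ...), which are never same-origin with anything.
function originTuple(urlString) {
  const u = new URL(urlString);
  if (!(u.protocol in DEFAULT_PORTS)) return null;
  return {
    scheme: u.protocol,
    host: u.hostname,
    port: u.port || DEFAULT_PORTS[u.protocol], // URL drops the default port
  };
}

// List the tuple fields that differ; an empty list means same origin.
function originMismatch(a, b) {
  const ta = originTuple(a);
  const tb = originTuple(b);
  if (ta === null || tb === null) return ["opaque origin"];
  return ["scheme", "host", "port"].filter((k) => ta[k] !== tb[k]);
}

function sameOrigin(a, b) {
  return originMismatch(a, b).length === 0;
}

// Constructed pairs modelled on the errors quoted on this page.
const pairs = [
  ["http://iframe.example:8080/", "file:///var/app/www/index.html"],
  ["https://tasks.test.company.cloud/", "https://web.test.company.cloud/"],
  ["https://project.example/", "http://localhost:9000/"],
  ["https://web.test.company.cloud:443/a", "https://web.test.company.cloud/b"],
];
for (const [a, b] of pairs) {
  const diff = originMismatch(a, b);
  console.log(a, "vs", b, "->", diff.join(", ") || "same origin");
}
```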

Access has a protocol of "https", the frame being accessed has a protocol of "http"

Has anyone seen the following error before? If so, please provide some advice.
" Uncaught SecurityError: Blocked a frame with origin "https://project-1283108821180873675.firebaseapp.com" from accessing a frame with origin "http://localhost:9000". The frame requesting access has a protocol of "https", the frame being accessed has a protocol of "http". Protocols must match."
Thank you,
You're trying to access a file from http://localhost in an app that you published. That will not work for two reasons:
visitors to https://project-1283108821180873675.firebaseapp.com won't have access to your machine (which is what localhost refers to)
you're trying to load the nested page over http, while the main site is loaded over https. That is a common phishing technique, so disallowed by all modern browsers.
Replace the iframe src attribute with a relative URL (removing the http://localhost:9000 part).
See Firebase: Why $firebaseSimpleLogin throws a SecurityError?

Spotify album embed does not work, not clickable

I'm trying to embed a Spotify album on a WordPress-based website. It is working well on the backend while editing a page and for new articles, but not on the home page: http://goo.gl/984skV
Web dev tools shows this error:
Uncaught SecurityError: Failed to read the 'contentDocument' property
from 'HTMLIFrameElement': Blocked a frame with origin
"http://www.******.com" from accessing a frame with origin
"https://embed.spotify.com". The frame requesting access has a
protocol of "http", the frame being accessed has a protocol of
"https". Protocols must match.
Any tips?

Get referring domain from HTML5 Audio Tag Streaming URL

Part of a site I am working on at the moment requires Audio/Video previews.
These are served from a different server to the main site.
The Streaming URL is of the form:
www.myserver.com/Preview.aspx?e=I_AM_AN_ENCRYPTED_KEY
The Key is generated by the server that hosts the file, not the site on which the previews are actually displayed. It's kind of an API.
Part of the security to stop these previews being played anywhere except this website is supposed to check the domain which is requesting this, but it seems that HttpContext.Current.Request.UrlReferrer is NULL when requested from an HTML5 video/audio element.
Without posting the domain along with the Key to the API, is there any way that I can get the referring URL on the receiving server, server side?
EDIT:
To clarify:
There is a website with HTML5 elements which are directed to a URL on a different server; the URL and key are provided by this server (not the website).
When the API server receives a request to stream the preview it checks the Key (which basically tells it what to play) and also checks for the referring domain against a list of allowed domains.
Figured it out - in case anyone cares...
Simply replace:
ReferringDomain = HttpContext.Current.Request.UrlReferrer
with:
ReferringDomain = HttpContext.Current.Request.Headers("Referer")
Sorted! :)
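The allow-list check described in this question, as an added example that is not the poster's code and is written in JavaScript rather than the post's ASP.NET: the Referer value is parsed as a URL and its hostname is compared exactly against the allowed hosts, with a missing or malformed header treated as a denial. The host names and function name are constructed. The header is supplied by the client and browsers may omit it, so this check limits casual hot-linking and does not authenticate the caller.

```javascript
// Added example: exact-host allow-list check on a Referer header value.
// Constructed allow-list; replace with the sites permitted to embed previews.
const ALLOWED_HOSTS = new Set(["www.example-shop.test", "example-shop.test"]);

// Decide whether a request may stream, given the raw Referer header value
// (undefined when the client sent none). Returns { allow, reason }.
function refererDecision(refererHeader) {
  if (refererHeader === undefined || refererHeader === null || refererHeader === "") {
    return { allow: false, reason: "missing" };
  }
  let url;
  try {
    url = new URL(refererHeader); // throws on relative or garbage values
  } catch {
    return { allow: false, reason: "malformed" };
  }
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    return { allow: false, reason: "scheme" };
  }
  // Compare the parsed hostname exactly. Substring or prefix tests on the raw
  // header would also accept look-alike hosts and matches in the query string.
  if (!ALLOWED_HOSTS.has(url.hostname)) {
    return { allow: false, reason: "host not allowed" };
  }
  return { allow: true, reason: "ok" };
}

// Constructed sample header values.
const samples = [
  "https://www.example-shop.test/album/42",
  "https://www.example-shop.test.other.invalid/",
  "https://other.invalid/?from=www.example-shop.test",
  undefined,
  "not a url",
];
for (const s of samples) {
  console.log(String(s), "->", JSON.stringify(refererDecision(s)));
}
```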
