1

I'm generating iframes dynamically for a lot of different random websites, and I tend to get this error in my javascript console (not necessarily with this url):

Unsafe JavaScript attempt to access frame with URL http://localhost:3000/results/ from frame with URL http://www.apple.com/iphone/. Domains, protocols and ports must match.

Why am I getting this error? Is there a way to get rid of it?

So the only two times I interact with iframes in javascript is when I dynamically load in an iframe:

$("#results_div").html('<iframe src='+url+' frameborder="0" class="iframe"><p>Browser does not support iframes.</p></iframe>');

and when I pull the src attribute of an iframe:

var previewed = $("iframe").attr("src");

Which one is causing the error?

Improve this question
1
  • This is a security issue; can you elaborate on Javascript / script-tags that are in your iframe's code? Commented Jul 11, 2011 at 4:21

3 Answers 3

Reset to default
4

Script in your iframe is trying to access parent's script/dom and they are in different domains. Cross domain scripting genrally generates that error.

In your case, apple.com and localhost are different domains and something in those iframe is trying to access its parent window's script or dom element.

Couple of ways to solve this:

Improve this answer
Sign up to request clarification or add additional context in comments.

9 Comments

Thanks. I updated my question details. Which code is responsible for this error? And which one of your solutions would be the easiest/quickest to implement?
From the error message, it seems something inside the iframe is trying to access your code. Most major sites doesn't allow iframing, so they do check if they are being iframed (content copy being one reason). I suspect that check is throwing this error. Your code doesn't seem to be doing anything anyway.
Yeah, that's exactly what's happening. I can't really make sure both belong to the same domain because I'm generating iframes for different domains, right?
so for example, would I be able to set both the iframe and the host page to the same domain with document.domain? I'm sort of confused about this
Unless you are serving both pages, you cannot change the domain. document.domain is used mainly when you've subdomains and you set the domain to the least common domain so that subdomains can talk to each other. If you're generating iframes that simply load other sites, then there's nothing much you can do. On the other hand, if there is certain content that you want to retrieve, you have to go thru their APIs to retrieve that. The design depends on what your bigger goals are.
|
0

This is due to the fact that your script is trying to acces some code on another domain. This behaviour can be understood by reading Same origin Policy. http://en.wikipedia.org/wiki/Same_origin_policy

There are workarounds and some implementation by which you can resolve this issue.

Some of them are using proxy approach, Fragment identifier approach.

In HTML5 we can use postmessages to get this resolved.

But you have to figure out what may work for you.

Improve this answer

Comments

0

You cannot interact with a different domain with javascript or iframes apart from loading the domain with the into the iframe.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.