When script tries to access a frame from a different origin Chrome blocks it and throws exception as
"Uncaught SecurityError: Blocked a frame with origin 'provider domain' from accessing a frame with origin 'mydomain'. Protocols, domains, and ports must match".
I got this error after some update in google chrome. Any suggestions?
This question is related to
javascript
google-chrome
Direct Javascript calls between frames and/or windows are only allowed if they conform to the same-origin policy. If your window and iframe share a common parent domain you can set document.domain
to "domain lower") one or both such that they can communicate. Otherwise you'll need to look into something like the postMessage() API.
This is a security update. If an attacker can modify some file in the web server (the JS one, for example), he can make every loaded pages to download another script (for example to keylog your password or steal your SessionID and send it to his own server).
To avoid it, the browser check the Same-origin policy
Your problem is that the browser is trying to load something with your script (with an Ajax request) that is on another domain (or subdomain). To avoid it (if it is on your own website) you can:
Source: Stackoverflow.com