Chrome blocks different origin requests

Question

When script tries to access a frame from a different origin Chrome blocks it and throws exception as       Uncaught SecurityError  Blocked a frame with origin  provider domain  from accessing a frame with origin  mydomain   Protocols  domains  and ports must match      I got this error after some update in google chrome  Any suggestions

User · Answer

Direct Javascript calls between frames and or windows are only allowed if they conform to the same-origin policy   If your window and iframe share a common parent domain you can set document domain to  domain lower   one or both such that they can communicate   Otherwise you ll need to look into something like the postMessage   API

User · Answer

This is a security update  If an attacker can modify some file in the web server  the JS one  for example   he can make every loaded pages to download another script  for example to keylog your password or steal your SessionID and send it to his own server    To avoid it  the browser check the Same-origin policy  Your problem is that the browser is trying to load something with your script  with an Ajax request  that is on another domain  or subdomain   To avoid it  if it is on your own website  you can    Copy the element on your own server  but it will be static   You can change your HTTP header to accept Cross-Origin content  See the Access-Control-Allow-Origin documentation for more information

[javascript] Chrome blocks different origin requests

Examples related to javascript

Examples related to google-chrome