1. 技术文章
  2. SecurityError: Permission denied to access property on cross-origin object laravel/javascript

SecurityError: Permission denied to access property on cross-origin object laravel/javascript

我的梦境 提交于 2019-12-11 19:46:25

问题


I have a laravel app. i have two urls 

Route::get('/', function () {
    return view('welcome');
});

Route::get('/pdf', function () {
    $headers = [
        'Access-Control-Allow-Origin' => 'http://cms.test'
    ];
    return response()->file('test.pdf', $headers);
});

inside welcome i have added an iframe 

<iframe src="{{ url('pdf') }}" width="100%" height="80%" id="test_frame" ></iframe>

now when i do 

window.frames["test_frame"].contentWindow

it gives Restricted http://cms.test/pdf:Object

and when i try to access any property on the contentWindow i get 

SecurityError: Permission denied to access property "getSelections" on cross-origin object

i have tried package "barryvdh/laravel-cors": "^0.11.2",

please help. I don't know how am I having different origins?

Edited: I now know that the document.URL of iframe is "about:blank"

来源:https://stackoverflow.com/questions/54518384/securityerror-permission-denied-to-access-property-on-cross-origin-object-larav

标签
javascript
laravel
iframe
xss
same-origin-policy
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!