问题
I am getting the below error when i try to set a hash value to the parent url from iframe which contains another domain url:
Unsafe JavaScript attempt to access frame with URL "URL1" from frame with URL "URL2". Domains, protocols and ports must match.
How can I fix this problem?
回答1:
From a child document of different origin you are not allowed access to the top window's location.hash property, but you are allowed to set the location property itself.
This means that given that the top windows location is http://example.com/page/, instead of doing
parent.location.hash = "#foobar";
you do need to know the parents location and do
parent.location = "http://example.com/page/#foobar";
Since the resource is not navigated this will work as expected, only changing the hash part of the url.
If you are using this for cross-domain communication, then I would recommend using easyXDM instead.
回答2:
Crossframe-Scripting is not possible when the two frames have different domains -> Security.
See this: http://javascript.about.com/od/reference/a/frame3.htm
Now to answer your question: there is no solution or work around, you simply should check your website-design why there must be two frames from different domains that changes the url of the other one.
回答3:
I was getting the same error message when I tried to chamge the domain for iframe.src.
For me, the answer was to change the iframe.src to a url on the SAME domain, but which was actually an html re-direct page to the desired domain. The other domain then showed up in my iframe without any errors.
Worked like a charm. :)
回答4:
A solution could be to use a local file which retrieves the remote content
remoteInclude.php
<?php
$url = $_GET['url'];
$contents = file_get_contents($url);
echo $contents;
The HTML
<iframe frameborder="1" id="frametest" src="/remoteInclude.php?url=REMOTE_URL_HERE"></iframe>
<script>
$("#frametest").load(function (){
var contents =$("#frametest").contents();
});
回答5:
I found that using the XFBML version of the Facebook like button instead of the HTML5 version fixed this problem. Add the below code where you want the button to appear:
<div id="fb-root"></div>
<script>(function (d, s, id) {
var js, fjs = d.getElementsByTagName(s)[0];
if (d.getElementById(id)) return;
js = d.createElement(s); js.id = id;
js.src = "//connect.facebook.net/en_GB/all.js#xfbml=1";
fjs.parentNode.insertBefore(js, fjs);
}(document, 'script', 'facebook-jssdk'));</script>
<fb:like send="true" layout="button_count" width="50" show_faces="false" font="arial"></fb:like>
Then add this to your HTML tag:
xmlns:fb="http://ogp.me/ns/fb#"
回答6:
The problem is even if you create a proxy or load the content and inject it as if it's local, any scripts that that content defines will be loaded from the other domain and cause cross-domain problems.
来源:https://stackoverflow.com/questions/4324108/unsafe-javascript-attempt-to-access-frame-with-url