问题
I am using a content script in a Chrome extension to access a document in a cross domain iframe, using this code:
document.querySelector('iframe').contentWindow.document
This worked fine until I upgraded to the latest version of Google Chrome (45.0.2454.101 64-bit), which reports the following security error when accessing the iframe:
Uncaught SecurityError: Blocked a frame with origin
"http://www.miercn.com" from accessing a frame with origin
"http://pos.baidu.com". Protocols, domains, and ports must match.
What changed in this version of Chrome and how to resolve this problem?
My Chrome version:
Google Chrome 45.0.2454.101 (正式版本) (64 位) 修订版本 3b3c00f2d95c45cca18ab944acced413fb759311-refs/branch-heads/2454@{#502} 操作系统 Mac OS X Blink 537.36 (@3b3c00f2d95c45cca18ab944acced413fb759311) JavaScript V8 4.5.103.35 Flash 19.0.0.185 用户代理 Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.101 Safari/537.36 命令行 /Applications/Google Chrome.app/Contents/MacOS/Google Chrome --enable-avfoundation --enable-avfoundation --flag-switches-begin --flag-switches-end
回答1:
You will have to use cross-domain messaging via postMessage.
And in order for your content script on the main page to communicate with the content script injected into the iframe, the content script should be injected in all frames:
"content_scripts": [{
"matches": ["<all_urls>"],
"js": ["content.js"],
"all_frames": true
}],
来源:https://stackoverflow.com/questions/32815250/accessing-the-document-of-a-cross-domain-iframe-using-an-extension-in-chrome-45