Chrome Extension: Unsafe JavaScript attempt to access frame with URL Domains, protocols and ports must match

霸气de小男生 submitted on 2019-12-31 02:56:05

Question


This answer explains how to access the content of all iframes on gmail.com: https://stackoverflow.com/a/9439525/222236

But on mail.google.com it throws this error:

Unsafe JavaScript attempt to access frame with URL https://plus.google.com/u/0/_/... from frame with URL https://mail.google.com/mail/u/0/#inbox. Domains, protocols and ports must match.

I tried adding *://plus.google.com/* to the matches of the manifest of the extension, but it didn't help.

Update: Checking for the url before accessing the content works, but my logic is very crude at the moment as it only checks for google plus:

        if(-1==iframes[i].src.indexOf('plus.google.com')) {
            contentDocument = iframes[i].contentDocument;
            if (contentDocument && !contentDocument.rweventsadded73212312) {
                // add poller to the new iframe
                checkForNewIframe(iframes[i].contentDocument);
            }
        }

Answer 1:


Access is blocked due to the same origin policy.
The right way to avoid the error is to exclude the frames from a different origin. Your logic is very crude indeed. It does not specifically look in the host name, and it doesn't account for other domains.
Invert the logic to have a robust solution:

    if (iframes[i].src.indexOf(location.protocol + '//' + location.host) == 0 ||
        iframes[i].src.indexOf('about:blank') == 0 || iframes[i].src == '') {

Explanation of this white list:

  • protocol://host/ = https://mail.google.com.
    Obviously, the current host has to be allowed
  • about:blank and an empty string
    These frames are dynamically created and scripted by GMail.
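The whitelist above, carried one step further as an added example (not part of the original answer): it compares parsed origins (scheme, host and port) through the standard URL API instead of matching a string prefix, which would also accept a host such as mail.google.com.example.net. The function names and the sample frame objects are constructed for illustration.

```javascript
// Added example; function names and sample frames are constructed for illustration.

// Mirrors the answer's string test: does src start with protocol//host?
function prefixCheck(src, pageUrl) {
  const page = new URL(pageUrl);
  return src.indexOf(page.protocol + '//' + page.host) === 0;
}

// Compares parsed origins (scheme + host + port) instead of string prefixes.
function frameIsScriptable(src, pageUrl) {
  if (src === '') return true;               // frame created without a src
  let frame, page;
  try {
    page = new URL(pageUrl);
    frame = new URL(src, page);
  } catch (e) {
    return false;                            // unparsable src: skip the frame
  }
  if (frame.protocol === 'about:' && frame.pathname === 'blank') return true;
  // data:, javascript: etc. serialize their origin as "null"; never a match.
  if (frame.origin === 'null') return false;
  return frame.origin === page.origin;
}

// src reflects only the attribute, not later navigations, so contentDocument
// is still null-checked (it is null when the frame's document is cross-origin).
function scriptableDocuments(frames, pageUrl) {
  const docs = [];
  for (const f of frames) {
    if (!frameIsScriptable(f.src, pageUrl)) continue;
    if (f.contentDocument) docs.push(f.contentDocument);
  }
  return docs;
}

// Constructed stand-ins for the page URL and document.getElementsByTagName('iframe').
const PAGE = 'https://mail.google.com/mail/u/0/#inbox';
const SAMPLE_FRAMES = [
  { src: '', contentDocument: { id: 'blank' } },
  { src: 'https://mail.google.com/mail/u/0/?ui=2', contentDocument: { id: 'same' } },
  { src: 'https://plus.google.com/', contentDocument: null },
  { src: 'https://mail.google.com.example.net/', contentDocument: null },
  { src: 'https://mail.google.com/x', contentDocument: null }, // navigated elsewhere
];

console.log(scriptableDocuments(SAMPLE_FRAMES, PAGE).map(d => d.id));
```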



Answer 2:


mail.google.com and plus.google.com are not the same domain. JavaScript implementations in modern web browsers do not allow cross-domain scripting.

Without resorting to different kinds of hackery, the correct way to get around this is through CORS (http://en.wikipedia.org/wiki/Cross-origin_resource_sharing), which is not available to you in this circumstance.



Source: https://stackoverflow.com/questions/11569723/chrome-extension-unsafe-javascript-attempt-to-access-frame-with-url-domains-pr
