Problem: I'm trying to catch errors in iframe loading using Javascript. The solution needs to be able to pass in an error statement with a url to another function, since I need to be able to retrieve the url of the page on which the error occurs (not the original iframe 'src' attribute).
Refused to display '...' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
I know that most people would immediately think this is impossible for browser "sameorigin" security policies, but I'm pretty sure there's some (hackety) workaround.
Not sure if this will help, but Google Chrome displays the error message in the console.
Can we catch all errors issued by the page, or overwrite the default error handler for a specific site?
Note: The page in the iframe is not on the same origin as its parent.
Related
I am working on a project, and it involves me clicking a reCaptcha element (iframe) in JavaScript. I have found multiple ways to detect if there is a reCaptcha element (".g-recaptcha", role='presentation' on the iframe itself, etc) however upon trying to click it I get console errors. Note that right now I am just executing the code in the web console, and have not actually programmed it into an extension. Basically, the command I am trying to run the console is :
document.querySelector('[role="presentation"]').contentWindow.document.getElementById("recaptcha-anchor").click()
The reason this "should" work is because the iframe element has the unique attribute of "role=presentation", it then goes into the html code embedded in the iframe and tries to click the little box, as noted by "recaptcha-anchor". However, testing this code grants me the following error:
VM8195:1 Uncaught DOMException: Blocked a frame with origin "https://minecraft.buzz" from accessing a cross-origin frame.
at <anonymous>:1:62
(anonymous) # VM8195:1
Does someone have any ways to get around this, or potentially know how I could code something in a JS chrome extension to do this?
I want to get Content from a website with an iframe and I'm using basysmith`s answer here(https://stackoverflow.com/a/3127056/8177490) to get the content so that I can serve the iframe from my domain.
I want to display only a certain div, let's call it "table-wrap" from the page and have everything else in the iframe hidden.
I've tried almost every answer on this topic but nothing seems to work.
When I am using this
var iframeDoc = document.getElementById('iframeid').contentWindow;
jQuery(iframeDoc).find('body > not:#table-wrap').hide();
jQuery(iframeDoc).find('#table-wrap').appendTo('body');
in the console.
I am still getting an error, although it is served from my Script on my Domain:
VM4380:66 Uncaught DOMException: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "https://mydomain.de" from accessing a cross-origin frame.
at HTMLIFrameElement.contentDocumentDesc.get [as contentDocument] (<anonymous>:66:14)
at contents (https://mydomain.de/wp-includes/js/jquery/jquery.js?ver=1.12.4:2:26888)
at Function.map (https://mydomain.de/wp-includes/js/jquery/jquery.js?ver=1.12.4:2:3613)
at a.fn.init.n.fn.(anonymous function) [as contents] (https://mydomain.de/wp-includes/js/jquery/jquery.js?ver=1.12.4:2:27001)
at <anonymous>:1:18
I've tried also different ways with iframe.onload and
jQuery("#iframeID").ready(function () {
jQuery('#iframeid > :not(#table-wrap)').hide();
jQuery('#table-wrap').appendTo('body');
});
But nothing seems to work.
Does anybody have an idea for this how I can get this to work?
Would appreciate anything.
Is the location where you are pulling jQuery from (https://mydomain.de) the same as both the outer page and also in the inner iFrame page?
Because the task of actually accessing the iFrame content falls to jQuery in your example, you'll want to verify that all domains (including the jQuery script itself) match to avoid cross domain errors.
Depending on what you're trying to do, window.postMessage may be a better solution anyway as it bypasses a lot domain and security problems (assuming you own both the outer and inner pages), or even just a direct ajax request between the page and your server (thus avoiding the iFrame altogether).
Have an issue where an iframe with external source loads a page with errors thrown in console. What i'm looking for is a solution to grab these errors and determine what information to show based on them. There are multiple iframes loading within the page.
So, the code outside the iframe should track and collect the console info. How can I achieve this? Thanks!
Just an example I get this error in console:
Refused to display 'http://[url]/' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.
I would like to catch this error and infrom user that the webpage could not load properly.
If you have an access to iframe's code, you can actually post messages to window.parent depending on errors and handle them on your side. Take a look at that at Mozilla's window.postMessage
im using an iframe from the fancybox plugin. I can close the iframe in every browser excpect google chrome with the javascript order:
parent.$.fancybox.close();
or:
parent.jQuery.fancybox.close();
just google chrome refuses to do his job in this case.
The error message of the console is:
Unsafe JavaScript attempt to access frame with URL file:///C:/Users/exampleuser/Desktop/index.html from frame with URL file:///C:/Users/exampleuser/Desktop/Version42/index.html#. Domains, protocols and ports must match.
pidgin.js:357Uncaught TypeError: Cannot read property 'fancybox' of undefined
My frame is local at the moment if that matters.
Try using parent.postMessage() (described here) and listen in on window.onmessage at the parent to invoke $.fancybox.close().
Nothing wrong with your code but Google Chrome won't let you work with ajax or iframes (and fancybox) locally. You need to upload your files to a server to make it work.
I've read several of the questions on this but am still a little confused.
For example: OK, I can't post examples because of hyperlink limitations
Here is my exact situation.
I have a site at mydomain.com
One of the pages has an iframe to another page at sub.mydomain.com
I am trying to prepare an onload script that if the page is not in an iframe or the parent domain of the page containing the iframe is not mydomain.com then redirect to mydomain.com.
After the initial permission issues I realised the problem with sub domains counting as separate domains.
One of the posts above says that "could each use either foo.mydomain.com or just mydomain.com"
So I tried (for testing):
onload="document.domain='mydomain.com';alert(parent.location.href);"
This produced the error (http replaced with lar
Error: Permission denied for <http://sub.mydomain.net> (document.domain=<http://mydomain.net>) to get property Location.href from <http://mydomain.net> (document.domain has not been set).
Source File: http://sub.mydomain.net/?pageID=1&framed=1
Line: 1
Removing the alert produces no errors.
Maybe I am going about this the wrong way since I do not need to interact with the parent just read its domain if there is one.
A nice simple top.domain. For read only there must be a way so that people can prevent their own pages being used within other people's sites.
You can't (easily) do this because of security restrictions.
This answer from #2771397 might point you in the right direction.
OK, while looking at the error console I still had open when I got home a wee lightbulb lit up. I am pretty new to javascript (can you tell ;) but I thought "If it has try/catch"...
well here is a hack at least to get the name of the top domain and an example of how I will use it in my site to show content only if the page is a frame in the correct domain.
Firstly the header will have the following partially PHP generated function:
function getParentDomain()
{
try
{
var wibble=top.location.href;
}
catch(err)
{
if (err.message.indexOf('http://mydomain.com')!=-1)
{
createCookie('IAmAWomble','value')
}
}
}
Basically the value will be something based on the PHP session I think. This will be executed at page load.
If the page is not within the proper site or if javascript is not enabled then the cookie will not be created.
PHP will then attempt to read the correct value from the cookie and show the content or an error message as appropriate.
I do see a slight flaw in this for first visit since page load will run after PHP has generated the content but I'm sure I can work around this somehow. I thought I'd post because this is at least what I was initially asking for and that is a way to read the URL of a parent site if it is in a different domain to the site in the frame.
IIUC you want to use the window.parent attribute: “A reference to the parent of the current window or subframe.”
Assumably, window.parent.document.location.host contains the container page URL domain name.