Welcome Guest Search | Active Topics | Sign In | Register

accessing a cross-origin frame Options
Christian Porzio
Posted: Wednesday, February 27, 2019 5:35:34 PM
Rank: Advanced Member
Groups: Member

Joined: 10/4/2016
Posts: 104
Hi,

I feel I have already asked this question but cannot find any record of such topic from me or anyone else.

During testing, because we run the web app on this local server, when we open a child popup and call into it some function, for instance:
Code: JavaScript
this.myPopup.location.reload();
then we get the infamous error:
Blocked a frame with origin "http://localhost:4200" from accessing a cross-origin frame.

With Chrome, we can use the CORS plugin that allows to bypass this error.

Is there anything in EO that we can do to bypass this error too?

I have currently the following setting:
Code: C#
EO.WebEngine.BrowserOptions options = new EO.WebEngine.BrowserOptions();
options.EnableWebSecurity = false;
options.EnableXSSAuditor = false;
Runtime.SetDefaultBrowserOptions(options);


Any suggestion?
eo_support
Posted: Thursday, February 28, 2019 8:23:23 AM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,217
Hi,

I believe EnableWebSecurity is the right option. If that doesn't work for you, please send a test HTML file to us and we will be happy to debug into the source code to see what we can find.

Thanks!
Christian Porzio
Posted: Thursday, February 28, 2019 10:52:53 PM
Rank: Advanced Member
Groups: Member

Joined: 10/4/2016
Posts: 104
My deepest apology. I should have checked my code before sending this post. The EnableWebSecurity was set to true! As soon it changed to false, then the parent page did no longer complain about cross origin requests.

Thank for your prompt response!
eo_support
Posted: Friday, March 1, 2019 7:44:11 AM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,217
No problem. Glad to hear that it works for you!
johanepic
Posted: Tuesday, September 21, 2021 2:40:12 AM
Rank: Newbie
Groups: Member

Joined: 9/21/2021
Posts: 1
Normally, scripts on different pages are allowed to access each other if and only if the pages they originate from share the same protocol, port number, and host. Above error message shows that you can't access an < iframe > with different origin using JavaScript/jQuery, it would be a huge security flaw if you could do it.

window.postMessage() provides a controlled mechanism to securely circumvent this restriction.



You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.