Home » Android » javascript – Security Error with iframe

javascript – Security Error with iframe

Posted by: admin May 14, 2020 Leave a comment

Questions:

The following issue occurs in Android 4.4 devices and above.

This is what our iframe looks like:

<iframe frameborder=0 id="myIFRAME"></iframe>

The following is the way we are getting iframe programmatically:

if(document.getElementById("myIFRAME")){
        me.setMyIFRAME(document.getElementById("myIFRAME").contentWindow);
}

This is causing a security error related to Protocol mismatch:

“Uncaught SecurityError: Blocked a frame with origin
https://www.google.com” from accessing a frame with origin “file://”.
The frame requesting access has a protocol of “https”, the frame being
accessed has a protocol of “file”. Protocols must match.

We are using Sencha touch with Cordova to develop our project.

How to&Answers:

The Cordova security guide says:

If content is served in an iframe from a whitelisted domain, that domain will have access to the native Cordova bridge.

Have you tried adding the external domain to the whitelist inside config.xml?

<access origin="https://google.com" />

Answer:

@Ritika,
I’m taking a wild guess here, because I do not use iframes, but in your <iframe> element I do NOT see a src. As such, the system is setting it to some type of default and the protocol of that source is file://

I think if you set a src=, even a blank one, the issue will go away.

Away, just a guess. Best of Luck.

Answer:

  1. Google is not accessible over iFrame.

  2. From a page served using file:// protocol cannot access resources over http:// or https:// protocol by default.

Answer:

Personaly, I would avoid using iFrames all together.

https://github.com/phonegap/phonegap/wiki/iFrame-Usage

Answer:

It turned out that iframe was loading html page which was accessing window.document which was causing Cross-domain security error
Below if condition was inside page

 if (window.parent.document != window.document) 

we change it to below condition which resolve security error

if (window.parent != window)