科技改变生活-雨落星辰 - 所有的伟大,都源于一个勇敢的开始

    最新消息:雨落星辰是一个专注网站SEO优化、网站SEO诊断、搜索引擎研究、网络营销推广、网站策划运营及站长类的自媒体原创博客
    你的位置: 首页>programmer>javascript - SecurityError from Facebook and Cross Domain Messaging - Stack Overflow

    javascript - SecurityError from Facebook and Cross Domain Messaging - Stack Overflow

    programmeradmin2浏览0评论

    We have an application that utilizes the facebook javascript sdk and login capabilities.

    We've been noticing this error e up in our production logs. Specifically for iOS devices with versions 10.3 and higher. Also seems to only be targeting safari browsers

    SecurityError (DOM Exception 18): Blocked a frame with origin "" from accessing a frame with origin "". The frame being accessed set "document.domain" to "facebook", but the frame requesting access did not. Both must set "document.domain" to the same value to allow access.

    Here is our init function:

            init: function(options) {
            var facebookUrl, scriptInclude;
            Facebook.baseHost = options.baseHost;
            if (typeof FB !== "undefined" && FB !== null) {
                return Facebook.setup();
            } else {
                if (options.appId == null) {
                    throw 'Facebook: cannot init without appId';
                }
                window.fbAsyncInit = function() {
                    FB.init({
                        appId: options.appId,
                        version    : 'v2.3',
                        channelUrl: options.channelUrl || ("" + document.location.protocol + "//" + document.location.host + "/channel.html"),
                        status: true,
                        cookie: false,
                        xfbml: false,
                        oauth: true
                    });
                    return Facebook.setup();
                };
                $('body').append('<div id="fb-root"></div>');
                facebookUrl = "//connect.facebook/" + (Facebook.getLocaleFacebookSupports(Social.SETTINGS.fbLocale)) + "/sdk.js";
                scriptInclude = "<script type=\"text/javascript\" async=\"true\" src=\"" + facebookUrl + "\"></script>";
                return $('#fb-root').append(scriptInclude);
            }
        }

    My question, why are we only getting this error on iOS devices and versions 10.3?

    We have an application that utilizes the facebook javascript sdk and login capabilities.

    We've been noticing this error e up in our production logs. Specifically for iOS devices with versions 10.3 and higher. Also seems to only be targeting safari browsers

    SecurityError (DOM Exception 18): Blocked a frame with origin "https://www.mymadeupsite." from accessing a frame with origin "https://staticxx.facebook.". The frame being accessed set "document.domain" to "facebook.", but the frame requesting access did not. Both must set "document.domain" to the same value to allow access.

    Here is our init function:

            init: function(options) {
            var facebookUrl, scriptInclude;
            Facebook.baseHost = options.baseHost;
            if (typeof FB !== "undefined" && FB !== null) {
                return Facebook.setup();
            } else {
                if (options.appId == null) {
                    throw 'Facebook: cannot init without appId';
                }
                window.fbAsyncInit = function() {
                    FB.init({
                        appId: options.appId,
                        version    : 'v2.3',
                        channelUrl: options.channelUrl || ("" + document.location.protocol + "//" + document.location.host + "/channel.html"),
                        status: true,
                        cookie: false,
                        xfbml: false,
                        oauth: true
                    });
                    return Facebook.setup();
                };
                $('body').append('<div id="fb-root"></div>');
                facebookUrl = "//connect.facebook/" + (Facebook.getLocaleFacebookSupports(Social.SETTINGS.fbLocale)) + "/sdk.js";
                scriptInclude = "<script type=\"text/javascript\" async=\"true\" src=\"" + facebookUrl + "\"></script>";
                return $('#fb-root').append(scriptInclude);
            }
        }

    My question, why are we only getting this error on iOS devices and versions 10.3?

    • javascript
    • ios
    • facebook
    • cross-domain
    • facebook-javascript-sdk
    Share Improve this question edited Apr 13, 2017 at 19:34 Jshoe523 asked Apr 13, 2017 at 18:59 Jshoe523Jshoe523 4,1912 gold badges20 silver badges21 bronze badges
    Add a ment  | 

    1 Answer 1

    Reset to default 16

    I ran into this issue as well, and after digging around it seems to be a bug in the browser's autofill: the stacktrace that is send to our logging cluster looks as followed:

    g@https://example.:5:190, 
g@https://example.:7:323, 
extractNewForms@https://example.:13:37, 
extractForms@https://example.:8:381, 
global code@https://example.:1:98

    As you can see, the error happens somewhere in an extractForms function, which (for us) doesn't exist anywhere in the code base. A Google search reveals that both extractForms and extractNewForms are part of the browser's autofill library, and the thread here suggests that there is a bug in there (ments 12 & 15 are most relevant to your issue).

    As far as I can tell this is also not specifically related to Facebook: in our logs we see similar errors for more iframes, including iframes from (sub)domains we control ourselves.

    Unfortunately I don't know about any fix or workaround, and I also highly doubt if a (user-land) fix/workaround is actually possible. I think the only thing you can do is to ignore these errors.

    与本文相关的文章

    发布评论

    评论列表(0)

    1. 暂无评论