Thanks stackoverflow i solved a lot of my javascript problems, but now i stopped at the point without hope. It is hard to describe, there is clear video shows my problem with drag drop cross-domains iframe.
- First part in Iceweasel (and FF, Opera) = iframe d&d work OK.
- Second part in Chromium (and Chrome) = iframe d&d NOT work.
and there are links to example iframes set and iframes sources:
- parent page: http:// msdrop/msdrop-jquery-test-iframe-frameset.htm
- iframe A: http:// msdrop
- iframe B: http:// nextgd/msdrop-jquery-test-iframe.htm
Is it Chrome bug, or security that es under "Same origin policy"? This is strange because d&d works excellent between two windows, and want not work at all from parent window to iframe.
Thanks for suggestions. Piotr
EDIT: It's possible Chrome/Chromium security mitigation is overly broad. Issue 251718:
Thanks stackoverflow i solved a lot of my javascript problems, but now i stopped at the point without hope. It is hard to describe, there is clear video shows my problem with drag drop cross-domains iframe.
http://www.youtube./watch?v=v65mO27h75E
- First part in Iceweasel (and FF, Opera) = iframe d&d work OK.
- Second part in Chromium (and Chrome) = iframe d&d NOT work.
and there are links to example iframes set and iframes sources:
- parent page: http:// msdrop./msdrop-jquery-test-iframe-frameset.htm
- iframe A: http:// msdrop.
- iframe B: http:// nextgd./msdrop-jquery-test-iframe.htm
Is it Chrome bug, or security that es under "Same origin policy"? This is strange because d&d works excellent between two windows, and want not work at all from parent window to iframe.
Thanks for suggestions. Piotr
EDIT: It's possible Chrome/Chromium security mitigation is overly broad. Issue 251718: https://code.google./p/chromium/issues/detail?id=251718
Share Improve this question edited Jun 20, 2013 at 10:47 user2402837 asked Jun 6, 2013 at 17:50 user2402837user2402837 911 silver badge4 bronze badges 3- Open your chrome dev tools and select the console tab. Then attempt your drag and drop. What error appears? I know from experience that same-origin policy violations get logged to the console. – Aaron Terry Commented Jun 6, 2013 at 17:54
- You can test too, there is online sample link: msdrop./msdrop-jquery-test-iframe-frameset.htm A JavaScript Console do not show any errors or unsafe JavaScript attempt to access. There is nothing special or unsafe at iframe B: nextgd./msdrop-jquery-test-iframe.htm – user2402837 Commented Jun 7, 2013 at 8:31
- Here is second video: youtube./watch?v=CnSXCRJJLEU that show Chrome iframe drag and drop problem. Sample page: byckobieta.pl/ulubione.php Thanks for help. – user2402837 Commented Jun 7, 2013 at 9:46
3 Answers
Reset to default 2Now, at: http://msdrop./msdrop-jquery-test-iframe-frameset.htm there are 4 iframes
- IFRAME A: the same domain as parent
- IFRAME B: other domain
- IFRAME C: the same domain + sandbox="allow-scripts"
- IFRAME D: other domain + sandbox="allow-scripts"
In FF, all frames works that i expects.
In Chrome, and Chromium only on iframe A works all dragover, dragenter, dragleave, and drop events.
i think i found answer, drag and drop events works on iframe when open Chromium or Chrome without restrictions.
chromium-browser --disable-web-security
google-chrome --disable-web-security
But if it is about Google Chrome "web security", why JavaScript Console do not show any info or warrning, and why drag and drop works excellent between two windows, drag and drop works even from firefox to chrome.
edit: Google Chrome: "You are using an unsupported mand-line flag: --disable-web-security. Stability and security will suffer." so flag works but is unsupported?
I do not understand.
Adding sandbox="allow-scripts" to the iframe element solves this issue for me.
eg:
<iframe sandbox="allow-scripts" src=".." />