Unsafe JavaScript attempt to access frame in Google Chrome
Our web application (based on HTML5, SVG & JS) runs fine in all the browsers except Google Chrome.
In Google Chrome, the normal JavaScript events run fine; however, all the JavaScript events attached to the iframe are not executed. We get the error in the console:
Unsafe JavaScript attempt to access frame
At the moment, the application is locally hosted and this problem cropped up during in-house testing.
Googling this brings up lots of posts but none suggests any concrete solution. Any suggestions?
Comments (2)
As an additional security measure, Chrome treats every "file" path as its own origin rather than treating the entire "file" scheme as a single origin (which is what other browsers do). This behavior applies only to "file" URLs and you can force Chrome to revert to a single local origin (like other browsers) by passing the --allow-file-access-from-files switch at startup.
You can find more information on the risks associated with local origins described here: http://blog.chromium.org/2008/12/security-in-depth-local-web-pages.html
Please make sure that both the iframe and main page are using the same protocol (i.e. both https or both http, but not mixed) and are on the same domain (i.e. both www.example.com and not example.com and dev.example.com). Also there's the possibility that something tries to use the file:// protocol, which will also cause this message.
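The comparison the two answers describe can be written out as a small diagnostic. This is an added example, not code from either answer: the function name `frameAccessCheck` and the option `fileSchemeSingleOrigin` are hypothetical, the URLs are constructed, and the port comparison goes beyond what the answers mention (it is part of the standard same-origin rule).

```javascript
// Added example: a model of the origin comparison described in the answers.
// fileSchemeSingleOrigin=false follows the first answer's description of Chrome
// (every file path is its own origin); true follows its description of other
// browsers (the whole file scheme is a single origin).
function frameAccessCheck(parentUrl, frameUrl, { fileSchemeSingleOrigin = false } = {}) {
  const parent = new URL(parentUrl);
  const frame = new URL(frameUrl);

  // Scheme must match first: http vs https, or file vs anything else.
  if (parent.protocol !== frame.protocol) {
    return { allowed: false, reason: 'scheme mismatch' };
  }

  if (parent.protocol === 'file:') {
    if (fileSchemeSingleOrigin || parent.pathname === frame.pathname) {
      return { allowed: true, reason: 'same local origin' };
    }
    return { allowed: false, reason: 'file path mismatch' };
  }

  // Hosts are compared exactly: example.com and dev.example.com differ.
  if (parent.hostname !== frame.hostname) {
    return { allowed: false, reason: 'host mismatch' };
  }

  // URL normalises default ports (80, 443) to '', so :443 equals no port on https.
  if (parent.port !== frame.port) {
    return { allowed: false, reason: 'port mismatch' };
  }

  return { allowed: true, reason: 'same origin' };
}

// Constructed sample pairs covering the cases named in the answers.
const samples = [
  ['https://www.example.com/app', 'http://www.example.com/frame'],
  ['https://example.com/app', 'https://dev.example.com/frame'],
  ['file:///C:/app/index.html', 'file:///C:/app/frame.html'],
  ['https://www.example.com/app', 'https://www.example.com:443/frame'],
];
for (const [parentUrl, frameUrl] of samples) {
  const { allowed, reason } = frameAccessCheck(parentUrl, frameUrl);
  console.log(`${parentUrl} -> ${frameUrl}: ${allowed ? 'allowed' : 'blocked'} (${reason})`);
}
```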