在Facebook上使用安全浏览时，不安全的JavaScript尝试访问框架 [英] Unsafe JavaScript attempt to access a frame when using secure browsing on Facebook

问题描述

我上周推出了一个应用程序并且已经注意到，因为在Chrome中只有我的画布的高度并不总是被调整。我花了很多时间查看问题并发现我收到以下错误 - 有时候。

I've launched an application last week and have noticed since that in Chrome only the height of my canvas is not always adjusted. I've spent a bunch of hours looking at the issues and noticed that I get the following error - sometimes.

Unsafe JavaScript attempt to access frame with URL https://apps.facebook.com/tabletr/ from frame with URL

的框架访问框架

http：//static.ak.facebook。 COM /连接/ canvas_proxy.php版本= 3＃行为= p&安培;方法= getPageInfo&安培; PARAMS =％7B％22channelUrl％22％3A％22https％3A％2F％2Fs-static.ak.fbcdn.net％2Fconnect％2Fxd_proxy .PHP％3Fversion％3D3％23CB％3Df37821 54E％26origin％3Dhttps％253A％252F％252Ftabletr.herokuapp.com％252Ff2951037b％26relation％3Dtop.frames％255Biframe_canvas_fb_https％255D％26transport％3Dpostmessage％22％2C％22frame％22％3A％22iframe_canvas_fb_https％22％7D&安培;关系=顶部。
域名，协议和端口必须匹配。

http://static.ak.facebook.com/connect/canvas_proxy.php?version=3#behavior=p&method=getPageInfo&params=%7B%22channelUrl%22%3A%22https%3A%2F%2Fs-static.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3782154e%26origin%3Dhttps%253A%252F%252Ftabletr.herokuapp.com%252Ff2951037b%26relation%3Dtop.frames%255Biframe_canvas_fb_https%255D%26transport%3Dpostmessage%22%2C%22frame%22%3A%22iframe_canvas_fb_https%22%7D&relation=top. Domains, protocols and ports must match.

现在，了解一两件关于编程的事情我推断这很可能由于 https 和 http 正在互相使用。我得到错误（有时）在Facebook上安全浏览on并且永远不会关闭。

Now, knowing a thing or two about programming I deduced that this is likely due to https and http being used interexchangably. I get the error (sometimes) with secure browsing "on" on Facebook and never with "off".

但我发现很奇怪的是，这个问题偶尔会发生浏览HTTPS。我仍然没有找到任何出现问题的模式或我的代码按预期工作。我知道这个主题上有一些帖子，我尝试了一些解决方法，但似乎没有解决我的问题。这是我的代码的一部分 -

But what I find really odd is that the issue occurs sporadically when browsing over HTTPS. I still haven't found any pattern to the issue coming up or my code working as intended. I know there are a few posts on here on this topic and I've tried a number of workarounds but none seem to have solved my problem. Here's part of my code-

<div id="fb-root"></div>
<script>
    window.fbAsyncInit = function() {
        FB.init({
            appId      : '<myid>', // App ID
            channelUrl : '//tabletr.herokuapp.com/channel.php', // Channel File
            status     : false, // Check login status
            cookie     : true, // Enable cookies to allow the server to access the session
            xfbml      : false  // Parse XFBML
        });

        // Additional initialization code here
        FB.Canvas.setSize({ height: 1200 });
    };

    // If I comment out this function I don't get any unsafe URL errors
    // anymore. I'm guessing that the include of the JavaScript code either
    // fails to use the right protocol or is faulty in its implementation
    // by Facebook. My money is on the former.
    (function(d){
        var js, id = 'facebook-jssdk'; if (d.getElementById(id)) {return;}
        js = d.createElement('script'); js.id = id; js.async = true;
        //js.src = "//connect.facebook.net/en_US/all.js";
        js.src = "//tabletr.herokuapp.com/js/all.js";
        d.getElementsByTagName('head')[0].appendChild(js);
    }(document));
</script>

我该如何解决这个问题？说实话，我不在他们身边。也许我的频道文件实现错了？

How do I fix this? I'm out of them to be honest. Maybe my channel file implementation is wrong?

<div id="fb-root"></div>
<script>
    window.fbAsyncInit = function() {
        FB.init({
            appId      : '<myid>', // App ID
            channelUrl : '//tabletr.herokuapp.com/channel.php', // Channel File
            status     : false, // Check login status
            cookie     : true, // Enable cookies to allow the server to access the session
            xfbml      : false  // Parse XFBML
        });

        // Additional initialization code here
        FB.Canvas.setSize({ height: 1200 });
    };

    // If I comment out this function I don't get any unsafe URL errors
    // anymore. I'm guessing that the include of the JavaScript code either
    // fails to use the right protocol or is faulty in its implementation
    // by Facebook. My money is on the former.
    (function(d){
        var js, id = 'facebook-jssdk'; if (d.getElementById(id)) {return;}
        js = d.createElement('script'); js.id = id; js.async = true;
        js.src = "//connect.facebook.net/en_US/all.js";
        //js.src = "//tabletr.herokuapp.com/js/all.js";
        d.getElementsByTagName('head')[0].appendChild(js);
    }(document));
</script>

我已根据Stack OVerflow问题更新了我的代码 通过HTTPS加载非安全项目的JavaScript SDK SDK - 这个，但是，还没有解决这个问题。我在2012-01-19发现了以下错误报告，其中显示了我面临的相同症状。越过这个的手指将很快由Facebook修复！

I've updated my code based on Stack OVerflow question Facebook JavaScript SDK over HTTPS loading non-secure items - this, however, hasn't fixed the issue yet. I came across the following bug report from 2012-01-19, which shows the same symptoms I'm facing. Fingers crossed this will be fixed by Facebook soon!

https://developers.facebook.com/bugs/192507854181725?browse=search_4f2bbd593f8798794293016

推荐答案

Facebook已承认这是一个错误并分配给工程师。您可以在 https://developers.facebook.com/bugs/192507854181725?browse跟踪进度= search_4f2bbd593f8798794293016

Facebook has acknowledged this as a bug and assigned to an engineer. You can track the progress at https://developers.facebook.com/bugs/192507854181725?browse=search_4f2bbd593f8798794293016

这篇关于在Facebook上使用安全浏览时，不安全的JavaScript尝试访问框架的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！