错误:访问属性'文档'的权限被拒绝 [英] error : Permission denied to access property 'document'
问题描述
如何在Firefox中修复此消息?我正在使用一个有锚标签的Iframe?我想获得对此锚点的引用,但是当我尝试访问锚点时出现此错误:
How can I fix this message in Firefox? I am using an Iframe which has an anchor tag? I would like to get a reference to this anchor but i am getting this error when I am trying to access anchor:
var frameWindow = document.getElementById('myIframe').contentWindow;
var anchor = frameWindow.document.links[0]; //.getElementsByClassName('a');
anchor.onclick....
推荐答案
在某些情况下,同源策略限制性太强,对使用多个子域的大型网站造成问题。以下是放松它的四种技巧:
In some circumstances the same-origin policy is too restrictive, posing problems for large websites that use multiple subdomains. Here are four techniques for relaxing it:
如果两个窗口(或框架)包含将域设置为相同值的脚本,这两个窗口放宽了同源策略,每个窗口都可以与另一个窗口进行交互。例如,从orders.example.com和catalog.example.com加载的文档中的协作脚本可能会将其document.domain属性设置为example.com,从而使文档看起来具有相同的来源并使每个文档都能够读取另一个的属性。这可能并不总是有效,因为存储在内部表示中的端口可以标记为null。换句话说,example.com端口80将成为example.com端口null,因为我们更新 document.domain 。端口null可能不会被视为80(取决于您的浏览器),因此可能会失败或取决于您的浏览器。
If two windows (or frames) contain scripts that set domain to the same value, the same-origin policy is relaxed for these two windows, and each window can interact with the other. For example, cooperating scripts in documents loaded from orders.example.com and catalog.example.com might set their document.domain properties to "example.com", thereby making the documents appear to have the same origin and enabling each document to read properties of the other. This might not always work as the port stored in the internal representation can become marked as null. In other words example.com port 80 will become example.com port null because we update document.domain. Port null might not be treated as 80 ( depending on your browser ) and hence might fail or succeed depending on your browser.
放松同样的第二种方法 - 原始政策正在以跨源资源共享的名义进行标准化。该草案标准使用新的Origin请求头和新的 Access-Control-Allow-Origin 响应头扩展HTTP。它允许服务器使用标头显式列出可能请求文件或使用通配符的起源,并允许任何站点请求文件。诸如Firefox 3.5和Safari 4之类的浏览器使用这个新标头来允许XMLHttpRequest的跨源HTTP请求,否则这些请求将被同源策略禁止。[7]
The second technique for relaxing the same-origin policy is being standardized under the name Cross-Origin Resource Sharing. This draft standard extends HTTP with a new Origin request header and a new Access-Control-Allow-Origin response header. It allows servers to use a header to explicitly list origins that may request a file or to use a wildcard and allow a file to be requested by any site. Browsers such as Firefox 3.5 and Safari 4 use this new header to allow the cross-origin HTTP requests with XMLHttpRequest that would otherwise have been forbidden by the same-origin policy.[7]
另一种新技术,跨文档消息传递允许来自一个页面的脚本将文本消息传递到另一个页面上的脚本,而不管脚本来源如何。在Window对象上调用 postMessage()方法异步触发该窗口中的onmessage事件,触发任何用户 - 定义的事件处理程序。一个页面中的脚本仍然无法直接访问另一个页面中的方法或变量,但它们可以通过此消息传递技术安全地进行通信。
Another new technique, cross-document messaging allows a script from one page to pass textual messages to a script on another page regardless of the script origins. Calling the postMessage() method on a Window object asynchronously fires an "onmessage" event in that window, triggering any user-defined event handlers. A script in one page still cannot directly access methods or variables in the other page, but they can communicate safely through this message-passing technique.
JSONP允许页面接收来自的JSON数据通过向从不同域加载JSON响应的页面添加< script> 元素来构建不同的域。
JSONP allows a page to receive JSON data from a different domain by adding a <script> element to the page which loads a JSON response from a different domain.
函数调用是JSONP的P - 纯JSON周围的填充,或者根据一些前缀。按照惯例,浏览器在其对服务器的请求中提供回调函数的名称作为命名查询参数值,通常使用名称jsonp或callback作为命名查询参数字段名称,例如
The function call is the "P" of JSONP—the "padding" around the pure JSON, or according to some the "prefix". By convention, the browser provides the name of the callback function as a named query parameter value, typically using the name jsonp or callback as the named query parameter field name, in its request to the server, e.g.,
<script type="application/javascript"
src="http://server2.example.com/Users/1234?jsonp=parseResponse">
</script>
在此示例中,收到的有效负载为:
In this example, the received payload would be:
parseResponse({"Name": "Foo", "Id": 1234, "Rank": 7});
这篇关于错误:访问属性'文档'的权限被拒绝的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
