不安全的JavaScript尝试启动具有URL的框架的导航 [英] Unsafe JavaScript attempt to initiate navigation for frame with URL

问题描述

这有点复杂，请多多包涵. 网站A具有包含网站B的iframe，网站B具有包含网站C的iframe.

This is a bit complicated, please bear with me. Website A has a iframe that contains website B and website B has a iframe that contain website C.

网站C上有一个按钮，单击后，我要刷新网站B的网址.下面是从iframe中的网站C刷新JavaScript来调用网站B的JavaScript

There is a button on website C, when clicked, I want to refresh url of website B. below is the javascript called to do the refresh of website B from website C, which is in an iframe

function url_update(id){
   var host = 'https://websiteb.com ';
   var myHost = host.split('/'); 
   if (id != "" && myHost != ""){
    try {
        if (id.substring(0,1) != '/'){
            id = '/' + id;
        }
        var dft_url = myHost[0] + '//' + myHost[2] + id;
        window.parent.location.href = dft_url;
    } catch(e){alert("Cannot go to the desired url location: " + dft_url);}
   } 
 }

但是当行"window.parent.location.href = dft_url;"时被执行后，我收到以下错误:

but when the line "window.parent.location.href = dft_url;" gets executed, I received the following error:

 Unsafe JavaScript attempt to initiate navigation for frame with URL  
 'https://websiteB.com' from frame with URL
 'https://websiteC.com'. The frame attempting navigation is 
  neither same-origin with the target, nor is it the target's parent or    
  opener.

我不明白为什么会这样以及如何解决.任何帮助将不胜感激.

I don't understand why this happening and how to fix it. Any help will be appreciated.

我做了一些研究，大多数人声称这是一个起源问题，但是如果我取出网站A，这意味着只有网站B的iframe包含网站C，那么上面的代码就可以了.即使它们具有不同的域

I did some research, most claimed this is an origin problem, but if I take out website A, meaning only have website B with an iframe that contains website C, then the above code works. Even though they have different domains

推荐答案

您可以在Chromium源代码的注释中找到对此行为的解释.看到这里:

You can find an explanation of this behavior in a comment of the Chromium source code. See here:

基本上，顶层窗口对导航的限制要比其他窗口少.查看非顶部窗户的限制:

Basically top-level windows have less restrictions regarding navigation than other windows. See restrictions for non top windows:

文档可以浏览其后代框架，或更一般地， 如果文档与原始来源相同，则该文档可以浏览框架 该框架的任何祖先(在框架层次结构中).

A document can navigate its decendant frames, or, more generally, a document can navigate a frame if the document is in the same origin as any of that frame's ancestors (in the frame hierarchy).

顶部窗口:

具体来说，如果文档可以在顶级框架中导航，则该框架可以 打开了该文档，或者该文档与以下任何一个文档的来源相同 顶层框架的开启者的祖先(在框架层次结构中).

Specifically, a document can navigate a top-level frame if that frame opened the document or if the document is the same-origin with any of the top-level frame's opener's ancestors (in the frame hierarchy).

原因是:

顶级框架比其他框架更易于浏览，因为它们 在大多数浏览器中的地址栏中显示其网址.

Top-level frames are easier to navigate than other frames because they display their URLs in the address bar (in most browsers).

因此，基本上，对于非顶部窗口，它绝对需要具有相同的原点才能进行导航，但是对于顶部窗口，由该窗口打开的框架也可以导航，即使它不是同一原点.这似乎是您要面对的问题，当B在顶部时，相同的原点不适用，但是当B不在顶部时，则它适用.

So basically, for a non top window, it absolutely needs to be same origin to allow navigation, but for top windows, a frame that was opened by that window can navigate even if it's not same-origin. Which seems to be the problem you're facing, when B is top, the same origin doesn't apply, but when it's not top, then it applies.

因此，我不确定是否有直接的解决方案，甚至根本没有解决方案.

According to this, I'm not sure there's a straightforward, or any at all, solution.

这篇关于不安全的JavaScript尝试启动具有URL的框架的导航的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！