GWT Blocked a frame with origin "http://localhost" from accessing a cross-origin frame

Problem description

I would like to allow the user to enter their URL and browse in the iframe. After they click the confirm button, I will get the URL they browse from the iframe.

IFrameElement frame = IFrameElement.as(DOM.createIFrame());
frame.setSrc("http://www.example.com"); // set the URL the user entered
VerticalPanel ver = new VerticalPanel();
ver.getElement().appendChild(frame);

// After they click the confirm button, get the url from iframe
Window.alert(frame.getContentDocument().getURL());

But I got an error after I get the URL from the iframe

Exception: com.google.gwt.event.shared.UmbrellaException: Exception caught: (SecurityError) : Blocked a frame with origin "http://localhost" from accessing a cross-origin frame.

Recommended answer

In short: you should not do this and you can not do this.

First

Some pages' authors simply do not want to let their pages be displayed in a frame. Try Facebook, for example; you'll get:

Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.

One can also check (with a script) if the page is in a frame and 'break through' and take the main window; http://www.interia.pl/ is an example.

So, there are pages that can not be shown in a frame.

Second:

Read about the Same Origin Policy (SOP):

Simply stated, the SOP states that JavaScript code running on a web page may not interact with any resource not originating from the same web site. The reason this security policy exists is to prevent malicious web coders from creating pages that steal web users’ information or compromise their privacy. While very necessary, this policy also has the side effect of making web developers’ lives difficult.
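
Added example, not part of the original question or answer: a small JavaScript model of the two browser checks described above, the X-Frame-Options framing decision and the same-origin test that produces the SecurityError. The function names and sample URLs are constructed for illustration, and the framing check is simplified to X-Frame-Options against the direct parent only.

```javascript
// Added example; function names and sample URLs are constructed.

// An origin is scheme + host + port. The URL API normalises default ports.
function isSameOrigin(a, b) {
  const oa = new URL(a).origin;
  const ob = new URL(b).origin;
  // Opaque origins (for example data: URLs) serialise to "null"
  // and must never be treated as equal to anything.
  return oa !== "null" && oa === ob;
}

// Check 1 (the "First" point): may frameUrl be rendered inside parentUrl?
// Models X-Frame-Options against the direct parent only.
function framingAllowed(parentUrl, frameUrl, headers = {}) {
  const entry = Object.entries(headers)
    .find(([name]) => name.toLowerCase() === "x-frame-options");
  const xfo = entry ? String(entry[1]).trim().toLowerCase() : "";
  if (xfo === "deny") return false;
  if (xfo === "sameorigin") return isSameOrigin(parentUrl, frameUrl);
  return true; // header absent or unrecognised: no restriction from XFO
}

// Check 2 (the "Second" point): may script in the parent read the
// frame's document, as frame.getContentDocument().getURL() tries to?
function readFrameUrl(parentUrl, frameUrl) {
  if (!isSameOrigin(parentUrl, frameUrl)) {
    const err = new Error(
      `Blocked a frame with origin "${new URL(parentUrl).origin}" ` +
      "from accessing a cross-origin frame.");
    err.name = "SecurityError";
    throw err;
  }
  return frameUrl;
}

// Combine both checks into the outcome the embedding page observes.
function embedAndRead(parentUrl, frameUrl, headers) {
  if (!framingAllowed(parentUrl, frameUrl, headers)) {
    return { displayed: false, url: null, error: "refused by X-Frame-Options" };
  }
  try {
    return { displayed: true, url: readFrameUrl(parentUrl, frameUrl), error: null };
  } catch (e) {
    return { displayed: true, url: null, error: e.name };
  }
}
```

With the question's values (parent at http://localhost, frame at http://www.example.com) the frame is displayed but the read fails, which is the behaviour the exception reports.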
