Chrome扩展程序：不安全的JavaScript尝试使用URL访问框架域，协议和端口必须匹配 [英] Chrome Extension: Unsafe JavaScript attempt to access frame with URL Domains, protocols and ports must match

问题描述

此答案指定了如何访问gmail.com上所有iframe的内容 https://stackoverflow.com/a/9439525 / 222236

但在mail.google.com上会引发此错误：

 不安全的JavaScript尝试使用网址https：//plus.google.com/u/0/ _ / ...从网址https://mail.google.com/mail/访问框架U / 0 /＃收件箱。域，协议和端口必须匹配。 
  

我尝试添加 *：//plus.google.com/* 到扩展清单的匹配项，但它没有帮助。

更新：在访问内容之前检查URL，但我的逻辑是非常粗糙的，因为它只检查谷歌加：

  if（-1 == iframes [i ] .src.indexOf（'plus.google.com'））{
 contentDocument = iframes [i] .contentDocument; 
 if（contentDocument&&！contentDocument.rweventsadded73212312）{
 //将轮询器添加到新的iframe $ b $ checkForNewIframe（iframes [i] .contentDocument）; 
 
 
 
 $ div $解析方案由于同源策略而被阻止。
 
正确避免错误是排除来自不同来源的帧。你的逻辑确实很粗糙。它没有专门查看主机名，也没有考虑其他域。
 
反转逻辑以获得可靠的解决方案：
 
 
 <$如果（iframes [i] .src.indexOf（location.protocol +'//'+ location.host）== 0 || 
 iframes [i] .src。 indexOf（'about：blank'）== 0 || iframes [i] .src ==''）{
  

这个白名单的解释：

• protocol：// host / = https://mail.google.com 。
  
  显然，必须允许当前主机 li>
  
• about：blank 和一个空字符串
  
  这些框架是由GMail动态创建和编写的。

This answer specifies explains how to access the content of all iframes on gmail.com https://stackoverflow.com/a/9439525/222236

But on mail.google.com it throws this error:

Unsafe JavaScript attempt to access frame with URL https://plus.google.com/u/0/_/... from frame with URL https://mail.google.com/mail/u/0/#inbox. Domains, protocols and ports must match.

I tried adding *://plus.google.com/* to the matches of the manifest of the extension, but it didn't help.

Update: Checking for the url before accessing the content works, but my logic is very crude at the moment as it only checks for google plus:

        if(-1==iframes[i].src.indexOf('plus.google.com')) {
            contentDocument = iframes[i].contentDocument;
            if (contentDocument && !contentDocument.rweventsadded73212312) {
                // add poller to the new iframe
                checkForNewIframe(iframes[i].contentDocument);
            }
        }

解决方案

Access is blocked due to the same origin policy.
The right way to avoid the error is to exclude the frames from a different origin. Your logic is very crude indeed. It does not specifically look in the host name, and it doesn't account for other domains.
Invert the logic to have a robust solution:

if (iframes[i].src.indexOf(location.protocol + '//' + location.host) == 0 ||
    iframes[i].src.indexOf('about:blank') == 0 || iframes[i].src == '') {

Explanation of this white list:

• protocol://host/ = https://mail.google.com.
  Obviously, the current host has to be allowed
• about:blank and an empty string
  These frames are dynamically created and scripted by GMail.

这篇关于Chrome扩展程序：不安全的JavaScript尝试使用URL访问框架域，协议和端口必须匹配的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！