Chrome Extension: Unsafe JavaScript attempt to access frame with URL Domains, protocols and ports must match
Problem description
This answer explains how to access the content of all iframes on gmail.com: https://stackoverflow.com/a/9439525/222236
But on mail.google.com it throws this error:
Unsafe JavaScript attempt to access frame with URL https://plus.google.com/u/0/_/... from frame with URL https://mail.google.com/mail/u/0/#inbox. Domains, protocols and ports must match.
I tried adding *://plus.google.com/* to the matches of the manifest of the extension, but it didn't help.
Update: Checking for the url before accessing the content works, but my logic is very crude at the moment as it only checks for google plus:
    if (-1 == iframes[i].src.indexOf('plus.google.com')) {
        contentDocument = iframes[i].contentDocument;
        if (contentDocument && !contentDocument.rweventsadded73212312) {
            // add poller to the new iframe
            checkForNewIframe(iframes[i].contentDocument);
        }
    }
Access is blocked due to the same origin policy.
The right way to avoid the error is to exclude the frames from a different origin. Your logic is very crude indeed. It does not specifically look in the host name, and it doesn't account for other domains.
Invert the logic to have a robust solution:
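    if (iframes[i].src.indexOf(location.protocol + '//' + location.host + '/') == 0 ||
        iframes[i].src.indexOf('about:blank') == 0 || iframes[i].src == '') {
        // Same origin (the trailing '/' stops look-alike host prefixes) or a blank frame: contentDocument is accessible
    }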
Explanation of this white list:
- protocol://host/ = https://mail.google.com. Obviously, the current host has to be allowed.
- about:blank and an empty string. These frames are dynamically created and scripted by GMail.
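The same whitelist written as an origin comparison, as an added example that is not part of the original answer: it parses each src and compares scheme, host and port together, which is the triple the error message names. The function names and the sample frame objects are hypothetical and constructed for illustration; in a content script the frames come from the page and the origin from location.origin.

```javascript
// Added example; function names and sample data are assumptions, not from the answer.

// True when a frame's src is one the page may script: the page's own origin,
// or a blank frame (about:blank / empty src) that inherits the creator's origin.
function isSameOriginSrc(src, pageOrigin) {
  if (src === '' || src.indexOf('about:blank') === 0) return true;
  let url;
  try {
    url = new URL(src);            // frame.src is already absolute in the DOM
  } catch (e) {
    return false;                  // unparsable src: treat as foreign
  }
  // URL.origin is scheme + host + port, with default ports normalised away.
  return url.origin === pageOrigin;
}

// Returns the documents of the frames that pass the check. The try/catch covers
// frames whose src matched but whose document is still refused by the browser.
function accessibleDocuments(frames, pageOrigin) {
  const docs = [];
  for (const frame of frames) {
    if (!isSameOriginSrc(frame.src, pageOrigin)) continue;
    try {
      if (frame.contentDocument) docs.push(frame.contentDocument);
    } catch (e) { /* cross-origin access refused: skip the frame */ }
  }
  return docs;
}

// Constructed sample frames standing in for document.getElementsByTagName('iframe').
const PAGE_ORIGIN = 'https://mail.google.com';   // location.origin on the page
const sampleFrames = [
  { src: 'https://mail.google.com/mail/u/0/', contentDocument: { id: 'inbox' } },
  { src: '', contentDocument: { id: 'blank' } },
  { src: 'about:blank', contentDocument: { id: 'about' } },
  { src: 'https://plus.google.com/u/0/_/', contentDocument: null },        // other host
  { src: 'https://mail.google.com.example.test/', contentDocument: null }, // look-alike prefix
  { src: 'http://mail.google.com/mail/', contentDocument: null },          // other protocol
  { src: 'https://mail.google.com:8443/', contentDocument: null },         // other port
  { src: '', get contentDocument() { throw new Error('blocked'); } },      // refused at access
];
```
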