Confusing error message when trying to use postMessage in file:// origin
Reported by
cristian...@gmail.com,
Dec 26 2016
|
||||||||
Issue description
UserAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0
Steps to reproduce the problem:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('file://') does not match the recipient window's origin ('null').
What is the expected behavior?
location.origin is 'file://'
but it expect null???
What went wrong?
null value
Did this work before? N/A
Chrome version: <Copy from: 'about:version'> Channel: n/a
OS Version: 16
Flash Version: Shockwave Flash 24.0 r0
,
Dec 27 2016
,
Dec 30 2016
,
Dec 30 2016
This is probably because file origins are considered unique. We should improve the error messages here. 'null' is confusing and unclear. If something is a null origin because of a file:// URL, it might be nice to explicitly note this. And instead of saying 'null origin', 'unique origin' is probably more descriptive. Rather than passing 'file://' as the origin, try passing '/' (if the targeted page is actually same origin) or '*' (to post to any origin).
,
Dec 30 2016
passing / it passes but when the popup window checks the origin there is again inconsitency comparation is '/'=='null' i might add code in 2 parts for handling just the case file://. Consider in addition that passing window.location.origin works in http domain. It seams to complex a simple thing. if will accept file:// == window.location.origin all work in same way in any case.
,
Feb 14 2017
I don't think we ever say "null origin" (at least I hope we don't). The various specs have moved to "opaque origin", though I'm not sure that's any better for developers. As noted above, `postMessage(data, "*")` is the right way to post to an opaque origin. Because the origin is opaque, however, you're not going to be able to do effective validation on the other end. Checking that the origin is `null` is the best you can do. dcheng@: We can certainly improve the error message by replacing `"null"` with something like `[unique origin]`. That said, we can't change the actual serialization of origins without requiring lots of rewrites in a lot of places. What's your proposal with regard to `file://`?
,
Feb 14 2017
i developped a "page.html" and i m working loading it from filesystem. This page open a popup window. This windod send /receive messages from the main page page.html. I wont work in opaque way but simply to send a message to this specific popped window and just to it. origin variable check the domain but if i m working in the file system there is no domain or better just a simplified domain file:// that is secure for definition.
,
Feb 14 2017
your solution is not coherent because in my solution if I move the html page in the web server the the logic continue to be correct (origin become a domain , the will check correctly the message is from/to this origin), in your solution using opaque * , it is correct in the file system but not in the web server.
,
Feb 14 2017
i found a trick it seams to work anyway .... origin=window.location.protocol == 'file:' ? '/' : window.location.origin; i m not sure it work in any browser . for now it works in firefox/chrome .Anyway why to patch origin in this simplified case?
,
Mar 23 2017
Sounds like the underlying issue is bug 47416 . All that may be left here is to improve the error message, right?
,
Mar 23 2017
It is past a lot of time, i tell you what i remember about it. No it was just a simple fix to align the browser behavior with all the possible origin, also when browser load a local html file. in this case exptected origin for posting a message is "/", but the existing origin detected is file://
,
Nov 10 2017
,
Feb 18 2018
|
||||||||
►
Sign in to add a comment |
||||||||
Comment 1 by cristian...@gmail.com
, Dec 26 2016