New issue
Advanced search Search tips

Issue 758308 link

Starred by 4 users

Issue metadata

Status: Duplicate
Merged: issue 709132
Owner:
Closed: Aug 2017
Cc:
EstimatedDays: ----
NextAction: ----
OS: iOS
Pri: 2
Type: Bug-Regression



Sign in to add a comment

A generated iframe causing a SecurityError: Blocked a frame with origin

Reported by wil...@recruitics.com, Aug 23 2017

Issue description

Steps to reproduce the problem:
1. Created a test website with the following HTML
<html>
<title>Test</title>
<head>
<script src="https://cdnjs.cloudflare.com/ajax/libs/airbrake-js/0.9.4/client.js"></script>
<script>
    airbrake = new airbrakeJs.Client({projectId: , projectKey: ''}); // Removed our specific details for airbrake
    try {
         function test() {
              iframe = document.createElement('iframe');
              iframe.src = "//webpagetest.org";
              document.body.appendChild(iframe);
         }
    } catch (e) {
        airbrake.notify(e);
    }
</script>
<script>window.onerror = function (msg, url, lineNo, columnNo, error) {
       console.log("caught error");
       airbrake.notify(msg);
       return false;
     }</script>
</head>
<body onload="test()">
<h1>Hi.</h1>
</body>
</html>

2. Loaded the test webpage on the latest chrome version on iOS

3. Received a SecurityError (DOM Exception 18): Blocked a frame with origin "http://mywebsite from accessing a frame with origin "https://www.webpagetest.org". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "https". Protocols must match. from the following method(s)

:1:297 in hasPasswordField_
:1:428 in hasPasswordField_
:1:173 in findPasswordForms
:9:27 in global code

What is the expected behavior?
No security error as my code is not attempting any cross origin requests

What went wrong?
Received security errors which we cannot prevent

Did this work before? Yes We believe the version prior to this worked as we saw a spike in errors shortly after the release of this version

Chrome version: 60.0.3112.89  Channel: stable
OS Version: iOS 10
Flash Version:
 
As an additional aside, if we update the iframe to use a matching protocol (such as example.com) we still get a similar error

SecurityError (DOM Exception 18): Blocked a frame with origin "http://mywebsite" from accessing a frame with origin "http://www.example.com". Protocols, domains, and ports must match.
Cc: eugene...@chromium.org
Components: -Blink Mobile>WebView>Glue
Owner: danyao@chromium.org
Status: Assigned (was: Unconfirmed)
Seems like a web compat issue.  Have we seen this before?

Comment 3 by danyao@chromium.org, Aug 30 2017

Mergedinto: 709132
Status: Duplicate (was: Assigned)
This is a duplicate of  crbug.com/709132 . A fix has been landed and will ship in M61 (slated for release in September).

Sign in to add a comment