Calling sendMessage from cross origin iframe throws a SecurityError.
Issue description
Chrome Version: 66.0.3359.122
OS: iOS 11.3.1
What steps will reproduce the problem?
(1) Load the following pen: https://codepen.io/nironiro78/pen/ZoLJjQ/
Ignore the first bit in the pen about loading Google Cast. That code is not invoked AFAICT.
What is the expected result?
The pen writes "[object HTMLDivElement]" forever
What happens instead?
The pen writes "[object HTMLDivElement]" 5-7 times then triggers the exception handler with an alert: isNode: false, error: TypeError: Argument 1 ('node') to Node.appendChild must be an instance of Node
Note that this pen works as expected in Safari.
May 9 2018
olivierrobin@ could you PTAL? ccing miu@ since he seems to be working on Cast
May 9 2018
The tag is iOS but the text is mac and linux. mfoltz@, is it mac or iOS?
May 9 2018
It was reported originally on iOS.
May 10 2018
Sorry, ignore the references to Mac, that was an error on my part (although I assume Mac would show the same behaviour as linux - no exception but weird output in the dev tools).
May 11 2018
The issue is that codepen uses cross origin iFrames. Code frame is https://s.codepen.io when window is https://codepen.io. When the codepen tries to initialize cast, it calls invokeOnHost, and the first instruction is if (typeof window.top.__gCrWeb.windowId != 'string') { which tries to do a cross origin call and throws the exception.
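The failure described in the comment above, as an added example that is not part of the original thread and is not Chromium's code: reading a property of a cross-origin `window.top` throws a SecurityError, so a script running inside an iframe has to guard that access. The Proxy object is a constructed stand-in for a cross-origin window so the block runs outside a browser, and the names `makeCrossOriginWindow`, `hasWindowIdUnguarded` and `readTopWindowId` are hypothetical.

```javascript
// Constructed stand-in for a cross-origin WindowProxy: a script may hold the
// reference, but reading anything outside a small allow-list throws.
function makeCrossOriginWindow() {
  const allowed = new Set(['postMessage', 'closed', 'length']); // subset, for illustration
  return new Proxy({ postMessage() {}, closed: false, length: 0 }, {
    get(target, prop) {
      if (typeof prop === 'symbol' || allowed.has(prop)) return target[prop];
      const err = new Error('Blocked a frame from accessing a cross-origin frame.');
      err.name = 'SecurityError';
      throw err;
    },
  });
}

// The access pattern quoted in the thread, with no guard around it.
function hasWindowIdUnguarded(win) {
  return typeof win.top.__gCrWeb.windowId === 'string';
}

// Guarded form: a SecurityError means "top is cross-origin"; any other
// exception is unexpected and is rethrown.
function readTopWindowId(win) {
  try {
    const host = win.top.__gCrWeb;
    if (host && typeof host.windowId === 'string') {
      return { status: 'ok', windowId: host.windowId };
    }
    return { status: 'missing', windowId: null };
  } catch (e) {
    if (e && e.name === 'SecurityError') {
      return { status: 'cross-origin', windowId: null };
    }
    throw e;
  }
}

// Constructed frames: same-origin top, cross-origin top, top without the host object.
const sameOriginFrame = { top: { __gCrWeb: { windowId: 'constructed-id-1' } } };
const crossOriginFrame = { top: makeCrossOriginWindow() };
const noHostFrame = { top: {} };

console.log(readTopWindowId(sameOriginFrame).status);
console.log(readTopWindowId(crossOriginFrame).status);
console.log(readTopWindowId(noHostFrame).status);
```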
May 11 2018
Does this bug represent a problem not seen on codepen.io? It looks like codepen can't be used on iOS due to cross origin iframe restrictions. If I use the source from the codepen in comment #0 and put it into an html file (attached), it looks like this functions correctly on iOS.
May 11 2018
The problem is seen with codepen. If you load the page in 0, you get an error in the web inspector.
May 14 2018
It looks like the problem is not with codepen. Below is another example which reproduces the bug on Chrome for iOS both on iPad and iPhone. The reason this didn't reproduce for you when taken off codepen is because for some reason now the google cast lib seems to be finishing initialization before the window.onload event. If it indeed finishes before we have any reference to a DOM node then everything's fine. If it finishes after then any previously referenced DOM node becomes invalid. Please find attached a better script illustrating the problem. In that script I'm getting a ref to the 'content' node on DOMContentLoaded, before the GCast is initialized, and then I'm checking the node's status within an interval. A little after __onGCastApiAvailable is invoked the 'content' node becomes invalid.
May 30 2018
Any updates here?
May 30 2018
Mike, let's try to fix this in M68.
Jun 14 2018
syatam@, thank you for the example script in comment #9. I tested this in the iOS simulator so that I could easily inspect the JS and I am able to reproduce the node becoming invalid. However, I am not confident that the |instanceof Node| test is actually correct. I inspected bodyNode at the testNodesStatus alert and at the GCast loaded alert and it doesn't actually look like |bodyNode| is becoming invalid. Although the instanceof test fails, |bodyNode| still looks OK to me. Please see the attached screenshots of the debugger at each of these points. (I am also no longer seeing a SecurityError in the console.)
Sep 14
mfoltz@ or syatam@ are you still seeing this?
Sep 14
(Fix CC'd members)
Sep 15
Oct 2
This may be related to Bug 889529. In both cases the code loaded by cast_sender.js seems to be causing problems with DOM APIs. I'm not really set up to debug this at the moment, but CCing two members of the Cast team who may want to see the data in this bug.
Oct 26
Oct 26
Oct 26
Nov 5
I believe that this is no longer an issue, as Cast support has been removed from iOS (Bug 872050).
Comment 1 by fergal@chromium.org, May 9 2018
Components: -Blink>DOM Internals>Cast
Labels: -Pri-3 OS-Linux Pri-2
Summary: when cast API becomes available DOM objects start to misbehave (was: document.getElementById returns a non-Node value when called repeatedly)