Issue 851856 link

Starred by 1 user

Issue metadata

Status:	Duplicate
Merged:	issue 849708
Owner:	----
Closed:	Jun 2018
Components:	Blink>SecurityFeature>CORS
EstimatedDays:	----
NextAction:	----
OS:	Windows
Pri:	2
Type:	Bug-Regression
Needs-Bisect Via-Wizard-Security Needs-Triage-M67

—disable-web-security not working for cross-origin frame

Reported by draclo...@gmail.com, Jun 12 2018

Issue description

UserAgent: Mozilla/5.0 (iPhone; CPU iPhone OS 11_2_6 like Mac OS X) AppleWebKit/604.5.6 (KHTML, like Gecko) Version/11.0 Mobile/15D100 Safari/604.1

Steps to reproduce the problem:
1. Launch chrome with —disable-web-security —user-data-dir=xxx
2. Open my page which has an iframe from different domain
3. Call a JavaScript method within the iframe from main page

What is the expected behavior?
The JS call should succeed

What went wrong?
An exception thrown said cross-origin frame access is blocked (something like that)

Did this work before? Yes 66

Chrome version: 67.0.3396.79  Channel: stable
OS Version: 10
Flash Version:

Comment 1 by pauljensen@chromium.org, Jun 12 2018

Components: Blink>SecurityFeature>CORS

Comment 2 by krajshree@chromium.org, Jun 12 2018

Labels: Needs-Bisect Needs-Triage-M67

Comment 3 by alex...@chromium.org, Jun 12 2018

Mergedinto: 849708
Status: Duplicate (was: Unconfirmed)

This is probably due to site isolation, which is being enabled in M67, and sounds similar to issue 849708.  You can confirm by checking if setting chrome://flags/#site-isolation-trial-opt-out to "Opt out" resolves things.
For now, I'll merge this report to that issue, and we can continue the discussion there.

►

Issue 851856 link

Issue metadata

—disable-web-security not working for cross-origin frame

Issue description

Comment 1 by pauljensen@chromium.org, Jun 12 2018

Comment 1 Deleted

Comment 2 by krajshree@chromium.org, Jun 12 2018

Comment 2 Deleted

Comment 3 by alex...@chromium.org, Jun 12 2018

Comment 3 Deleted

Sign in to add a comment