3

I have in my site facebook like plugin, and I try to get the conetnt of facebook iframe by the code:

iframe[0].contentDocument || iframe[0].contentWindow.document;

But in console I get this Error:

Uncaught SecurityError: Failed to read the 'contentDocument' property from 'HTMLIFrameElement': Blocked a frame with origin "http://like2see.co.il" from accessing a frame with origin "https://www.facebook.com". The frame requesting access has a protocol of "http", the frame being accessed has a protocol of "https". Protocols must match

I did a search and I get this answer Console displays Uncaught SecurityError So I understand that because my site its not https, there is a solution there but I dont understand him, maybe someone know another solution or can explain me the one that mention there?

Community
  • 1
  • 1
Kaki Baleven
  • 335
  • 3
  • 6
  • 18
  • 3
    The error is caused by your site not being `https://www.facebook.com` - you can't read content across domains – Pointy Oct 16 '15 at 18:02
  • 1
    This is happening because of the [same-origin policy](https://en.wikipedia.org/wiki/Same-origin_policy). – Rocket Hazmat Oct 16 '15 at 18:05

1 Answers1

1

Unless you disable the security features of your browser, you are not allowed to cross domains and peek at the contents of the iframe on Facebook.com.

In Google Chrome you can disable security with these startup flags but it is not recommended:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --allow-running-insecure-content --disable-web-security

Plus your users will not disable their security.

You will need to find another way to do what it is that you are trying to do.

This other answer about the same-origin policy may be helpful to read.

Community
  • 1
  • 1
Scott
  • 3,602
  • 2
  • 19
  • 40