0

I'm writing a website for my own use which I am not planning to put on any public domain. It's been a few months since I have done anything to advance this project, and as such, I had to read over it a bit before continuing. The problem I had, appeared when I run the program. I seem to be getting an error that I pasted below:

Uncaught SecurityError: Blocked a frame with origin "null" from accessing a frame with origin "null". Protocols, domains, and ports must match.

I had done a bit of research and it appears to be caused by browser thinking I'm trying to read the href of a parent document from an iframe. Whilst this is what I am doing, the domains are the same since I'm only running the scripts locally, and I'm not accessing any internet files. Through my research I did, I found out that this error has something to do with security with cross domain scripting that can be a security risk. Below I pasted the line that gives me the error:

if (window.top.location.href.includes("/Character.html")) {
    window.top.location.href = "main.html?page=Character.html";
} else if (window.top.location.href.includes("/main.html")) {
//...

The above check is in order that if I accidentally open the Character.html page, it'll redirect me to the main page and load up the character page in an iframe. (That way I have the entire website navigation from the main page on all pages) Is there a way I can check the top location without triggering an error? I have tried document.referrer but it seems to not return the desired value. Perhaps there is a round about way that will do what I am trying to do?

Also, I believe when I was testing it a few months ago on Firefox on a Linux it worked (Chrome gave me the same error but I'm not sure it was because of the same reason)

Alexz
  • 75
  • 1
  • 10
  • 2
    Looks to me like you are loading without a server - just opening files. If you serve your files from localhost this should work. – Gerrit0 Feb 11 '17 at 15:54
  • 2
    Browsers consider every distinct `file://` URL to be distinct domains. – Pointy Feb 11 '17 at 15:55
  • @Pointy is there a way around that? – Alexz Feb 11 '17 at 15:56
  • 1
    Chrome lets you start it up with an option to allow cross-file access (`--allow-file-access-from-files`), or at least it used to. – Pointy Feb 11 '17 at 15:59
  • @Pointy I tried launching chrome from the CMD with the command you gave and I encountered the same error. – Alexz Feb 11 '17 at 16:13
  • @Gerrit0 How would I do that? I found & read [a page which elaborates on what Pointy said](http://stackoverflow.com/questions/18586921/how-to-launch-html-using-chrome-at-allow-file-access-from-files-mode) and tried installing using 'npm install -g http-server' but it came back with _'npm' is not recognized as an internal or..._ I guess I'm being a bit stupid, but I'm trying to follow instructions word for word without messing anything up. – Alexz Feb 11 '17 at 16:18
  • 2
    While you can run a simple server with Node, as it seems you don't already have it installed it's probably easier to use the simple server built into python (already installed if you are on Linux) in your web root directory run `python -m SimpleHTTPServer 8080` (leave the terminal open) then visit http://localhost:8080 – Gerrit0 Feb 11 '17 at 16:29
  • @Gerrit0 I have windows, but I do have python 3.5. 'SimpleHTTPServer' isn't defined, but through the online documentation, I have found 'http.server' and it works. Thank you so much. I never thought of using python. – Alexz Feb 11 '17 at 16:49
  • @Gerrit0 How do I stop the local server? – Alexz Feb 11 '17 at 16:54
  • 1
    Just closing the command prompt running the server should do it, alternatively if it is running in the background task manager is probably your best bet. – Gerrit0 Feb 11 '17 at 16:55

0 Answers0