Using window.opener causes CORS error

Question

I have an application that creates a pop-up window, which loads a page which then fetches data from the opening window, like so:

var globals = window.opener.globalsCache;

However, when deployed to production, this intermittently causes the following error:

DOMException: Blocked a frame with origin from accessing a cross-origin frame

Note that the popup window has exactly the same URL as the opener, except for the hash. (i.e. https:/hostname.tld/application/#page-name ).

Has anyone seen this issue before? Any ideas on why it is happening and how to fix it?

This question might be helpful https://stackoverflow.com/questions/25098021/securityerror-blocked-a-frame-with-origin-from-accessing-a-cross-origin-frame — Tnc Andrei, Apr 12 '18 at 10:48

score 2 · Answer 1 · answered Apr 12 '18 at 11:04

2

window.open uses another domain "window.opener" and so document.referrer won't match. Check this ref. of same issue: Guarantee the origin (parent URL) of a cross domain window.opener call by preliminary CORS call to the server

answered Apr 12 '18 at 11:04

Miroslav Savovski

1 Answers1