1

I have an HTML page that contains a button says "Open Popup". Once this button is clicked, a popup window opens (using window.open).

The new popup window is an HTML page that contains a simple input filed and a submit button. Once the submit button is clicked, the popup window should close, and the text that's just been typed in the input field should now be displayed in the parent window.

I've tried doing it using opener.document.getElementById. It works perfectly in Firefox, but not in Chrome.

This is the code of my parent page (parent.html):

<!DOCTYPE html>
<html>
<body>

<button type="button" onclick="openPopup()">Open Popup</button>

<p id="result"></p>

<script type="text/javascript">
function openPopup() {
 var popupWindow = window.open('popup.html', '', 'width=300, height=200');
}
</script>

</body>
</html>

And this is the code of my popup (popup.html):

<!DOCTYPE html>
<html>
<body>

<input type="text" id="userText" placeholder="Please enter some text">

<button type="button" onclick="submitText()">Submit!</button>

<script type="text/javascript">
function submitText() {
 opener.document.getElementById('result').innerHTML = 'The text you\'ve entered is: ' + document.getElementById('userText').value;
 self.close();
}
</script>

</body>
</html>

Note: Both parent and popup files are located in my desktop.

As mention, it works in Firefox, but not in Chrome. When I click the "Submit!" button in Chrome, nothing happens, and the following error shows up in the console:

Uncaught DOMException: Blocked a frame with origin "null" from accessing a cross-origin frame.

I spent hours trying to find help online, but I still can't make Chrome pass data from popup window to parent page (which both are, as mentioned, located in my desktop, i.e. in the same directory).

Thanks in advance.

Guy
  • 23
  • 4
  • For development purposes you can can disable CORS. See here: https://stackoverflow.com/questions/3102819/disable-same-origin-policy-in-chrome – mentallurg Jun 02 '18 at 21:06

1 Answers1

0

What you are encountering is a security feature of Chrome that is applying a web security standard called CORS (Cross-Origin Request Specification). It's meant to prevent one website from accessing another (because this is a common technique to try and trick people into giving up personal information), unless both the pages originate from the same domain. For example, http://domainA.com shouldn't be able to communicate with http://domainB.com by default. In situations were this is a legitimate need, server configuration is required to allow it.

Because you are running your tests from your desktop (without a web server) no domain information is present and Chrome thinks you are making a Cross-Origin Request.

If you run your files from a web server (over http or https), it will work.

There are many free web servers available for you to set up on your local machine and many development tools incorporate their own web servers. For example, VS code and Visual Studio are both free and have web servers included.

Scott Marcus
  • 57,085
  • 6
  • 34
  • 54
  • Thank you both. I will try to disable CORS. – Guy Jun 03 '18 at 17:12
  • I've tried to up vote but I get the following message: Thanks for the feedback! Votes cast by those with less than 15 reputation are recorded, but do not change the publicly displayed post score. – Guy Jun 03 '18 at 22:20