
I have a Chrome Extension, so by definition it runs inside the browser. I have been studying some other posts with similar issues:

Chrome Extension - Uncaught DOMException: Blocked a frame with origin from accessing a cross-origin frame

SecurityError: Blocked a frame with origin from accessing a cross-origin frame

https://forums.asp.net/t/2119174.aspx?Blocked+a+frame+with+origin+from+accessing+a+cross+origin+frame+

In my extension code I'm doing the following:

```javascript
var innerDoc = iframe.contentDocument || iframe.contentWindow.document;
```

In a previous version of Chrome, early in 2018 or maybe going back to 2017, this code worked fine, but now it throws this error:

```
Uncaught DOMException: Blocked a frame with origin "https://play.google.com" from accessing a cross-origin frame.
    at eval (eval at getGooglePlayVideoArray (chrome-extension://mabfegpcoejeoliboopmoeoodfiocgcn/js/ZingFilter.js:727:27), :1:22)
    at getGooglePlayVideoArray (chrome-extension://mabfegpcoejeoliboopmoeoodfiocgcn/js/ZingFilter.js:727:27)
    at loadVideo (chrome-extension://mabfegpcoejeoliboopmoeoodfiocgcn/js/ZingFilter.js:760:21)
    at chrome-extension://mabfegpcoejeoliboopmoeoodfiocgcn/js/ZingFilter.js:493:46
```

What I don't understand is how Chrome can see this as cross-origin given the fact that my extension js is injected right into the browser page. What makes it think it's cross-origin? Is my only solution to resort to this?

HerrimanCoder
  • Have you added `"all_frames": true` to the content_scripts? – Peter Bode Dec 19 '18 at 14:48
  • wOxxOm: https://play.google.com/store/movies/details?id=RGSNWMLe13g (you'll have to pay to watch it) - Peter: I had `all_frames` set to `false`. I changed it to true and reloaded my extension. No change, same error. – HerrimanCoder Dec 19 '18 at 21:51
  • Too bad, maybe this [question](https://stackoverflow.com/questions/3102819/disable-same-origin-policy-in-chrome)/answer fixes it. – Peter Bode Dec 20 '18 at 10:07
  • Peter, I'm sure that would fix it, but I don't control end users' browsers and cannot ask them to do that. – HerrimanCoder Dec 20 '18 at 12:49
  • @HerrimanCoder, I see the same behavior in devtools console in the main page context so evidently this is a consequence of `allow` attribute which defines [Feature Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Feature_Policy). The way it's implemented now doesn't account for chrome extensions because iclelland@chromium.org who implemented it in Chrome didn't care/know about it. The usual workaround is to declare a content script to run in that iframe and then communicate via DOM messaging or chrome messaging. BTW use `@` prefix before a user name to notify that user. – wOxxOm Dec 24 '18 at 09:14
  • @wOxxOm, thanks, but when I use `@` prefix before username, the username sometimes disappears entirely, which really puzzles me. – HerrimanCoder Dec 25 '18 at 15:01
  • IIRC it disappears only when the mentioned user's comment is the last one - because your comment would trigger notification for that user in this case automatically. – wOxxOm Dec 25 '18 at 16:33
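
The workaround described in the comments (a content script that runs inside the iframe and reports back by DOM messaging), as an added example that is not part of the original thread. The message tag, the function names and the `https://frame.example` origin are assumptions; the page does not state the iframe's origin.

```javascript
// Added example, not code from the question. One file, loaded as a content
// script in every frame ("all_frames": true in manifest.json), so each frame
// reads only its own document and no cross-origin DOM access is attempted.

const TAG = "zing-frame-report";                  // hypothetical message tag
const TOP_ORIGIN = "https://play.google.com";     // top page, from the error text
const FRAME_ORIGINS = ["https://frame.example"];  // placeholder: the iframe's real origin

// Runs inside the iframe: collect what the top frame wanted from innerDoc.
function buildReport(doc) {
  const sources = Array.from(doc.querySelectorAll("video"))
    .map((v) => v.currentSrc || v.src)
    .filter(Boolean);
  return { tag: TAG, sources };
}

// Runs in the top frame: accept a report only from an expected origin and
// from a window that really is one of this page's frames. Page scripts can
// post messages too, so everything in event.data is treated as untrusted.
function acceptReport(event, frameWindows) {
  const d = event.data;
  if (!d || d.tag !== TAG || !Array.isArray(d.sources)) return null;
  if (!FRAME_ORIGINS.includes(event.origin)) return null;
  if (!frameWindows.includes(event.source)) return null;
  return d.sources.filter((s) => typeof s === "string");
}

// Wiring; skipped when there is no browser window.
if (typeof window !== "undefined" && typeof document !== "undefined") {
  if (window.top !== window) {
    // Name the recipient origin so the report is not delivered elsewhere.
    window.top.postMessage(buildReport(document), TOP_ORIGIN);
  } else {
    window.addEventListener("message", (event) => {
      // Reading iframe.contentWindow is allowed cross-origin; .document is not.
      const frames = Array.from(document.querySelectorAll("iframe"))
        .map((f) => f.contentWindow);
      const sources = acceptReport(event, frames);
      if (sources) console.log("video sources from frame:", sources);
    });
  }
}
```

The `matches` patterns of the content script entry must cover the iframe's URL as well as the top page, otherwise `all_frames` has nothing to inject into.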

0 Answers