Cilvic

Reputation: 3447

Chrome Extension: Unsafe JavaScript attempt to access frame with URL Domains, protocols and ports must match

This answer explains how to access the content of all iframes on gmail.com: https://stackoverflow.com/a/9439525/222236

But on mail.google.com it throws this error:

Unsafe JavaScript attempt to access frame with URL https://plus.google.com/u/0/_/... from frame with URL https://mail.google.com/mail/u/0/#inbox. Domains, protocols and ports must match.

I tried adding *://plus.google.com/* to the matches of the manifest of the extension, but it didn't help.

Update: Checking for the url before accessing the content works, but my logic is very crude at the moment as it only checks for google plus:

        if(-1==iframes[i].src.indexOf('plus.google.com')) {
            contentDocument = iframes[i].contentDocument;
            if (contentDocument && !contentDocument.rweventsadded73212312) {
                // add poller to the new iframe
                checkForNewIframe(iframes[i].contentDocument);
            }
        }

Upvotes: 2

Views: 11010

Answers (2)

Oliver Moran

Reputation: 5167

mail.google.com and plus.google.com are not the same domain. JavaScript implementations in modern web browsers do not allow cross-domain scripting.

Without resorting to different kinds of hackery, the correct way to get around this is through CORS (http://en.wikipedia.org/wiki/Cross-origin_resource_sharing), which is not available to you in this circumstance.

Upvotes: 1

Rob W

Reputation: 349122

Access is blocked due to the same origin policy.
The right way to avoid the error is to exclude the frames from a different origin. Your logic is very crude indeed. It does not specifically look in the host name, and it doesn't account for other domains.
Invert the logic to have a robust solution:

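    // Same-origin frames only; the trailing '/' keeps look-alike hosts and other ports from matching the prefix
    if (iframes[i].src.indexOf(location.protocol + '//' + location.host + '/') == 0 ||
        iframes[i].src.indexOf('about:blank') == 0 || iframes[i].src == '') {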

Explanation of this white list:

  • protocol://host/ = https://mail.google.com.
    Obviously, the current host has to be allowed
  • about:blank and an empty string
    These frames are dynamically created and scripted by GMail.

Upvotes: 2
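
An origin-based form of the whitelist described in the answer above, as an added example that is not part of the original answer: it parses each `src` with the standard `URL` class and compares protocol, host and port together instead of matching string prefixes. The helper names `isScriptableFrame` and `pickScriptable` and the sample frame list are constructed for illustration.

```javascript
// Added example (not from the original answer).
// isScriptableFrame and pickScriptable are hypothetical helper names.

function isScriptableFrame(src, pageHref) {
  // Frames without a src are created and scripted by the page itself.
  if (src === '') return true;
  let frameUrl;
  try {
    frameUrl = new URL(src, pageHref); // also resolves relative src values
  } catch (e) {
    return false; // unparsable URL: treat as foreign and skip it
  }
  // about:blank (with or without a fragment) is on the answer's whitelist.
  if (frameUrl.protocol === 'about:' && frameUrl.pathname === 'blank') return true;
  // origin = protocol + host + port, the three parts named in the error message.
  return frameUrl.origin === new URL(pageHref).origin;
}

function pickScriptable(frames, pageHref) {
  return frames.filter(f => isScriptableFrame(f.src, pageHref));
}

// Constructed sample data standing in for document.getElementsByTagName('iframe').
const page = 'https://mail.google.com/mail/u/0/#inbox';
const sampleFrames = [
  { src: '' },
  { src: 'about:blank' },
  { src: 'https://mail.google.com/mail/u/0/?ui=2' },
  { src: 'https://plus.google.com/' },          // different host
  { src: 'http://mail.google.com/' },           // different protocol
  { src: 'https://mail.google.com:8443/' },     // different port
  { src: 'https://mail.google.com.example/' },  // look-alike host
];

console.log(pickScriptable(sampleFrames, page).map(f => f.src));
```

`src` reflects the attribute the page set, not where the frame has navigated since, so keep the `contentDocument &&` null check from the question before touching the frame.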
