Unsafe JavaScript Attempt when trying to reload frame

Question

This is annoying. I am trying to make it so that when the I press F5, the frame reloads. I have got it so that if the focus is on the main page (not the iframe) it works. However, when I try to implement a similar solution or even make any attempt to communicate with the iframe, I get an 'Unsafe JavaScript attempt to access frame'. To be more specific, the exact error is:

Unsafe JavaScript attempt to access frame with URL http://www.spow.tk/projects/test from frame with URL http://spow.tk/projects/Explorer/02/. Domains, protocols and ports must match.

Please help as this really is a pain. Thanks

Answer 1

"default_value": "Pterodactyl Server",
            "user_viewable": true,
            "user_editable": true,
            "rules": "required|string|max:30"
            "rules": "required|string|max:30",
            "field_type": "text"
        },
        {
            "name": "MOTD",
            "description": "Specify the message of the day",
            "env_variable": "MOTD",
            "default_value": "Welcome to the server",
            "user_viewable": true,
            "user_editable": true,
            "rules": "required|string|max:20"
            "rules": "required|string|max:64",
            "field_type": "text"
        }
    ]

Answer 2

spow.tk and www.spow.tk are considered to be different domains.

One thing you can do however, is to force your site to use one or the other, so that this issue doesn't arise again. For instance, if you're using Apache, you can modify your .htaccess to redirect all requests from spow.tk to www.spow.tk (or www.spow.tk to spow.tk if that's what you prefer). Even if your users or code reference one domain, the request will be redirect to the domain you specified.

Answer 3

Those two sites are on different domains. Due to security restrictions in Javascript, you cannot script across domains. Check out Wikipedia or Mozilla for more info (quoted Mozilla to prevent link rot):

The same origin policy prevents a document or script loaded from one origin from getting or setting properties of a document from another origin. This policy dates all the way back to Netscape Navigator 2.0.

Mozilla considers two pages to have the same origin if the protocol, port (if one is specified), and host are the same for both pages. The following table gives examples of origin comparisons to the URL http://store.company.com/dir/page.html:

URL                                                 Outcome   Reason
http://store.company.com/dir2/other.html            Success  
http://store.company.com/dir/inner/another.html Success  
https://store.company.com/secure.html           Failure   Different protocol
http://store.company.com:81/dir/etc.html            Failure   Different port
http://news.company.com/dir/other.html          Failure   Different host

There is one exception to the same origin rule. A script can set the value of document.domain to a suffix of the current domain. If it does so, the shorter domain is used for subsequent origin checks. For example, assume a script in the document at http://store.company.com/dir/other.html executes the following statement:

document.domain = "company.com"; After that statement executes, the page would pass the origin check with http://company.com/dir/page.html. However, by the same reasoning, company.com could not set document.domain to othercompany.com.

Port number is kept by the browser separately. Any call to the setter, including document.domain = document.domain causes the port number to be overwritten with null. Therefore one can not make company.com:8080 talk to company.com by only setting document.domain = "company.com" in the first. It has to be set in both so that port numbers are both null.