CODEWITHSUNDEEP
javascriptgoogle-chrome-extensionroblox
Luaox
Luaox

Reputation: 167

Loading iframe in google-chrome extension (Error: Protocols must match)

Code in manifest.json:

{
  "name": "Test",
  "version": "1.0",
  "manifest_version": 2,
  "description": "Test",
  "browser_action": {
      "default_icon": "icon.png",
      "default_popup": "popup.html"
  },
  "permissions": [
      "notifications",
      "https://www.roblox.com"
  ],
  "background": { "scripts": ["background.js"] },
  "content_security_policy": "script-src https://www.roblox.com 'self' ; object-src 'self'",
  "web_accessible_resources": [
    "icon.png"
  ]
}

Code in background.js:

var iframe = document.createElement("iframe")
iframe.src = "http://www.roblox.com/User.aspx?ID=1"

document.body.appendChild(iframe)

I keep getting this error:

Unsafe JavaScript attempt to access frame with URL chrome-extension://dbekkpdpdheclekbpajgigjdlpleolgd/_generated_background_page.html from frame with URL http://www.roblox.com/User.aspx?ID=1. The frame requesting access has a protocol of 'http', the frame being accessed has a protocol of 'chrome-extension'. Protocols must match.

Is there anyway to fix this?

Upvotes: 1

Views: 5608

Answers (1)

Sudarshan
Sudarshan

Reputation: 18544

Problem in your code is your http://www.roblox.com/* source is not secure. The whitelist only secure resources part of the Chrome error message refers to this. You have to use https://www.roblox.com/* and declare

"content_security_policy": "script-src https://roblox.com 'self' ; object-src 'self'"

in manifest file. I observed your domain has is making calls through

http://www.roblox.com/Ads/IFrameAdContent.aspx?v=2&slot=Roblox_User_Top_728x90&format=banner&v=2.

http URL, which is not white listed.

References for further reading

Upvotes: 1

Related Questions