Blocked a frame with origin "xyz" from accessing a cross-origin frame.

To understand what is going on in this error you must first understand what an inline frame(iframe) is and how it works. The link provided here gives a basic explanation.

 

This error is caused when an iframe is called on a site with Cross Origin Resource Sharing (CORS) rules configured to not allow the frame. Below is an example of a javascript iframe injection to a webpage:

 
let injectIframe = function(url) {

let iframe = document.createElement('iframe');

iframe.addEventListener("load", function() {

console.log(iframe.contentWindow);

console.log(iframe.contentWindow.document);

});

iframe.src = url;

document.body.appendChild(iframe);

};


let scriptUrl = "https://www.help.noibu.com"; // This can be any URL the issue is the iframe call itself not the website




if (document.readyState !== "loading" && document.body) {

injectIframe(scriptUrl);

} else {

document.addEventListener("DOMContentLoaded", function() {

injectIframe(scriptUrl);

});

}



This function is a script that waits for the page to load. After the page has loaded it then calls our iframe function. Our iframe function then appends a new inline frame to the body of our page. You can copy and paste this script into your browser on this page and you will be able to see this script throw the error.


In general the solution can be solved in your site's CORS configuration. For newer Safari browsers this may not be an option. Solutions to these problems may be a case by case basis but depending on how it is manifesting and the role it is playing on your site can potentially be crucial to solve.

Was this article helpful?
0 out of 0 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.