Chrome 扩展:不安全的 JavaScript 尝试使用 URL 访问框架 域、协议和端口必须匹配
此答案指定说明如何访问 gmail.com 上所有 iframe 的内容 https://stackoverflow.com/a/9439525/222236
This answer specifies explains how to access the content of all iframes on gmail.com https://stackoverflow.com/a/9439525/222236
但是在 mail.google.com 上它会抛出这个错误:
But on mail.google.com it throws this error:
Unsafe JavaScript attempt to access frame with URL https://plus.google.com/u/0/_/... from frame with URL https://mail.google.com/mail/u/0/#inbox. Domains, protocols and ports must match.
我尝试将 *://plus.google.com/* 添加到扩展程序清单的匹配项中,但没有帮助.
I tried adding *://plus.google.com/* to the matches of the manifest of the extension, but it didn't help.
更新:在访问内容之前检查 url 有效,但目前我的逻辑非常粗略,因为它只检查 google plus:
Update: Checking for the url before accessing the content works, but my logic is very crude at the moment as it only checks for google plus:
if(-1==iframes[i].src.indexOf('plus.google.com')) {
contentDocument = iframes[i].contentDocument;
if (contentDocument && !contentDocument.rweventsadded73212312) {
// add poller to the new iframe
checkForNewIframe(iframes[i].contentDocument);
}
}
推荐答案
由于同源导致访问被阻止政策.
避免错误的正确方法是排除来自不同来源的帧.你的逻辑确实很粗糙.它不专门查看主机名,也不考虑其他域.
反转逻辑以获得稳健的解决方案:
Access is blocked due to the same origin policy.
The right way to avoid the error is to exclude the frames from a different origin. Your logic is very crude indeed. It does not specifically look in the host name, and it doesn't account for other domains.
Invert the logic to have a robust solution:
if (iframes[i].src.indexOf(location.protocol + '//' + location.host) == 0 ||
iframes[i].src.indexOf('about:blank') == 0 || iframes[i].src == '') {
这个白名单的解释:
protocol://host/=https://mail.google.com.
显然,必须允许当前主机about:blank和一个空字符串
这些框架由 GMail 动态创建和编写脚本.
protocol://host/=https://mail.google.com.
Obviously, the current host has to be allowedabout:blankand an empty string
These frames are dynamically created and scripted by GMail.
相关文章