Tuesday, May 14, 2024
Homepage · iframe
 Popular · Latest · Hot · Upcoming
185
rated 0 times [  187] [ 2]  / answers: 1 / hits: 5788  / 2 Years ago, sat, august 13, 2022, 12:00:00

I loaded a website of my own design in an iframe. This website contains links to other cross-domain pages. I wrote a javascript function to retrieve the title of the current page contained in the iframe, but when I run my application at localhost:3000, I get the error:


Uncaught DOMException: Blocked a frame with origin "http://localhost:3000" from accessing a cross-origin frame.

Even when I am using this javascript method on the page that was originally loaded in the iframe, I still get the same error.
I would like to know exactly what is causing this error.


More From » iframe
 Answers
9

The Same Origin Policy is a security feature that protects user data across origins.


Consider what would happen if you loaded my webmail service into a frame on your site and were then able to access the DOM of that page. This would be a security disaster.


Even just reading the title could expose if I was logged in (and thus had an account on the site) or not (and probably don’t) which would be useful information for constructing a phishing attack.


[#38] Thursday, July 14, 2022, 2 Years  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
vaughns
Add To Favorites
Follow
Total Points: 20
Total Questions: 112
Total Answers: 112
Location: Falkland Islands
Member since Mon, Jul 13, 2020
4 Years ago
vaughns questions
Fri, Jan 14, 22, 00:00, 2 Years ago
Sat, Jan 8, 22, 00:00, 2 Years ago
Wed, Apr 28, 21, 00:00, 3 Years ago
Thu, Sep 24, 20, 00:00, 4 Years ago
Fri, Aug 28, 20, 00:00, 4 Years ago
View All
;