Question

115

Chrome blocking iframe requests as cross-origin request even when origins are the same

rated 0 times [ 117] [ 2] / answers: 1 / hits: 11043 / 10 Years ago, tue, march 18, 2014, 12:00:00

This one has me stumped.

I have a web app that has a file upload/download area. Files are downloaded in the background via a temporary iFrame element. This is a single-paged AJAX application and the UI is written in Javascript, jQuery and uses the jQuery.FileDownloader.js to manage the iFrame. The application runs over HTTPS and the site and download URL are on the same exact domain. The back-end is a RESTful application. This has worked great for months. Until today.

All of a sudden, when attempting to download a file in Chrome, the browser reports an error of Blocked a frame with origin https://example.com from accessing a cross-origin frame.

The problem is that the origin of the main site and that of the iframe are the exact same domain. I have ensured that the domains are the same as well as the protocol. Chrome is the only browser that throws up the cross-origin error. IE, Firefox, Opera, Safari... all work as expected. It's only in Chrome and it's only as of today. To make things worse, no updates were made to the browser. It truly is spontaneous. I've also ruled out plugins as the cause by running in Incognito mode, where none are allowed to run by my settings, as well as disabling my anti-virus software. This problem is being exhibited on other computers, in other locations (not on our LAN or subnet), all running Chrome.

And, again, both domains of the parent frame and the embedded iframe are identical. This only happens against the production server which runs over HTTPS. Other non-HTTPS sites (e.g. our dev environment, localhost) don't have the problem. Our SSL is valid. Since this is a single-paged AJAX application, we're trying to avoid popping up another window for the download.

Hopefully, someone can offer some advice. Thanks in advance.

Update: After additional research, I have found the solution to this problem is to enclose the filename in the response header in double-quotes.

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

yosefleod

Add To Favorites

Follow

Total Points: 113

Total Questions: 100

Total Answers: 115

Location: Egypt

Member since Tue, May 3, 2022

2 Years ago

yosefleod questions

1 How to use Sign In With Google together with TokenClient?

Tue, Mar 8, 22, 00:00, 2 Years ago

1 What does the lodash get function do?

Thu, Apr 22, 21, 00:00, 3 Years ago

1 How to import .mjs modules in Jest's xyz.test.js?

Mon, Jul 27, 20, 00:00, 4 Years ago

1 Update a single property of local JSON file using put call in Angular 8

Sun, Dec 8, 19, 00:00, 5 Years ago

1 how can i check the voice channel ID that the person is after they execute a command and move to other voice channel in node.js?

Sun, Sep 29, 19, 00:00, 5 Years ago

View All

answered 10 Years ago marquezb · Accepted Answer

I have found the cause of the problem. It turns out that Google Chrome has problems with files that have commas in their filename. When downloading the file via a direct link, Chrome will report that duplicate headers were reported from the server. This has been a long-standing problem with Chrome that has gone un-addressed. Other browsers are not susceptible to this problem. Still, it's a fairly easy problem to troubleshoot and, indeed, when I searched on this error, the first search result had the solution: remove commas from filenames when handling a request from Google Chrome.

However, this wasn't a direct link, it was an AJAX-request, which results in a different exception. In this case, the error provided by Chrome is the cross-origin request exception and this is what made it so difficult to troubleshoot.

So, the tl;dr of it all is to strip out commas in the names of uploaded files.