"Unsafe JavaScript attempt to access frame with URL..." error being continuously generated in Chrome webkit inspector

129
votes

Chrome (or any other webkit browser) throws a ton of these "Unsafe JavaScript attempt to access frame with URL..." when working with the Facebook API for example.

It doesn't interfere with actual operation, but it does make the javascript console basically unusable.

I'd like to know if there is a way to suppress these errors specifically in the console? Or if there are other solutions you guys can think of, I would really appreciate it.

Thanks.

5
javascriptfacebookgoogle-chromewebkitfacebook-opengraph
Currently I'm using the workaround of just having the console tab set to show logs only. I'm looking for a solution that allows me to track errors (just not this one). - Neil Sarkar
it would be good to provide a sample of how you are using the API. there are lots of reasons why this could happen. - Kinlan
I know what you mean, but I'm pretty sure this happens with any facebook integration. For an example, open your webkit js console on this Domino's site (in production) pizzaholdouts.com - Neil Sarkar
Aren't you simply trying cross-site scripting? Are you requesting facebook api addresses from your own server? Way is bit different. - Tomasz Durka
not requesting anything, I just put in the boilerplate stuff to get the js sdk working developers.facebook.com/docs/reference/javascript - Neil Sarkar

5 Answers

19
votes

You could allow cross-domain requests during testing by running chrome with the --disable-web-security command line option. This should probably get rid of the error (and allow FB to spy on your testing ;)

4
votes

This happens when a source from an different domain is loaded and tries to access the document.cookie. It happens with head sources (script tags) as well with iframe documents which try to access the document.cookie for some reason.

4
votes

Whats the problem?

Tons of Unsafe JavaScript attempt to access frame with URL... error messages in the Chrome JS console.

As @thechrisproject points out, these errors are caused by many reputable 3rd party api's and widgets, including but not limited to:

  • The Facebook JS SDK
  • Vimeo Iframe Embed
  • Google Maps Iframe Embed

My understanding on the why: (please correct me if I'm wrong)

Chrome has stricter security settings and/or shows more such errors than competing browsers. API/widget/embed authors attempt to do things (cross-domain/frame) that will not work in all browsers (probably for their own reporting/analytics) but that don't actually effect the usuabilty of their widget if it doesn't work (just causes a lot of annoying errors)

Quick Answer

NO, you cannot (just) suppress these errors in the chrome console.

Solutions?

  • Deal with it. These errors do not actually break these 3rd party apis and widgets, they just make the console much more difficult to use
  • you can set the console to log only Warnings, Logs, or Debug messages. This will hide ALL errors.
  • you can use another browser
  • As @Dagg_Nabbit. pointed out, you can allow cross-domain requests by running chrome with the --disable-web-security command line option. More information here: Disable same origin policy in Chrome. Note that this setting will negatively effect the security of your browser. I have 2 chrome shortcuts so I can open it with or without this flag.
3
votes

Since we can't blame the people from Google for constructing such a safe browser, I think the best solution is to use Facebook's server-side solutions (e.g. PHP SDK), it'll save you a lot, lot, lot, lot, lot of headache. The only advantage I see in using the FB javascript SDK is the popup login which you can do yourself using javascript/jQuery.

2
votes

These errors can be thrown if, when you register your app with Facebook, you don't have a trailing forward slash in the Site URL field. In other words, you need "http://domain.com/" not "http://domain.com"

You can check the Site URL setting from developers.facebook.com/apps Edit settings -> Basic -> Site URL.