Blocked from accessing a cross origin frame

0
votes

When I put allow-same-origin, it works but when I remove it, I have :

Blocked a frame with origin "http://localhost:****" from accessing a cross-origin frame.

I need just to allow allow-scripts and allow-modals.

Here is the working code :

function updateIframe(iframe) {
   iframe[0].contentWindow.getMinHeight();
}

I search on the forum but the protocol and the domain of iframe and of the site is the same. I don't understand where can be the error.

The parent : http://localhost****

The iframe src : http://localhost:****/My/path/for/the/file

Port is the same and I need to avoid allow-same-origin for the cookie security

2
javascripthtmlnode.jsiframe

2 Answers

0
votes

If the ****'s are for different ports, note that the port must also be the same for it to count as a same-origin request.

0
votes

If allow-same-origin isn't an option, try allow-origin and pass in http://localhost:3000 or whatever your port number is. You'll obviously have to change it to the production URL for deployment.