GWT Blocked a frame with origin “http://localhost” from accessing a cross-origin frame

0
votes

I would like to allow the user enter their url and browse in the iframe. After they click the confirm button, i will get the url the browse from the iframe.

IFrameElement frame = IFrameElement.as(DOM.createIFrame());
frame.setSrc("http://www.example.com"); //set the url of user enter
VerticalPanel ver = new VerticalPanel();
ver.getElement().appendChild(frame);

// After they click the confirm button, get the url from iframe
Window.alert(frame.getContentDocument().getURL());

But i got an error after i get the url from iframe

Exception: com.google.gwt.event.shared.UmbrellaException: Exception caught: (SecurityError) : Blocked a frame with origin "http://localhost" from accessing a cross-origin frame.

1
javascriptiframegwt

1 Answers

3
votes

In short: you should not do this and you can not do this.

First:

Some pages' authors simply do not want to let their pages to be displayed in a frame. Try Facebook for example, you'll get:

Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.

One can also check (with a script) if the page is in a frame and 'break through' and take main window, http://www.interia.pl/ is an example.

So, there are pages that can not be shown in a frame.

Second:

Read about Same Origin Policy (SOP):

Simply stated, the SOP states that JavaScript code running on a web page may not interact with any resource not originating from the same web site. The reason this security policy exists is to prevent malicious web coders from creating pages that steal web users’ information or compromise their privacy. While very necessary, this policy also has the side effect of making web developers’ lives difficult.