Facebook like and Twitter tweet buttons causing Cross Domain Issues

20
votes

I am using both the twitter tweet button, and the facebook like button

<a href="http://twitter.com/share" 
   class="twitter-share-button"
   data-url="http://example.com"
   data-text="some text"
   data-count="horizontal"
   data-via="someone">Tweet
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>

<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
<fb:like 
   class="fbShare" 
   href="http://example.com" 
   font="" send="true" 
   layout="button_count" 
   show_faces="false">
</fb:like>

But both of them are spitting out Cross domain Errors, Not one or two, but continuously.

the actual errors (with substitutions) are

Unsafe JavaScript attempt to access frame with URL https://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3cde04b84%26origin%3Dhttp%253A%252F%252Fexample.com%252Ff20b9fb1fc%26relation%3Dparent.parent%26transport%3Dpostmessage&href=http%253A%252F%252Fexample.com%252F&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=150 from frame with URL http://example.com/. Domains, protocols and ports must match.

Unsafe JavaScript attempt to access frame with URL http://platform0.twitter.com/widgets/tweet_button.html?_=1308700896075&count=horizontal&id=twitter_tweet_button_0&lang=en&original_referer=http%3A%2F%2Fexample.com%2F&text=some text&url=http%3A%2F%2Fexample.com%2F&via=someone from frame with URL http://example.com/. Domains, protocols and ports must match.

2
javascriptfacebooktwittersdkcross-domain
Have you tried only having one of them on the page and seeing if it might be only the one that causes this? - Sean Kinsey
Sure you haven't got some other plugin on the page that tries to enumerate all iframes and get access to them? I've seen this happen before. - Sean Kinsey
can you give link to your page? I might be able to help - Tarun

2 Answers

28
votes

This seems to be a bug with the Twitter button code that you would probably want to log with Twitter. It seems to be attempting to traverse every dom object on the page and it is not able to access the Facebook iframe object. For example, if you also add the Google +1 button, it will now throw an additional similar message but for Google related urls.

The functionality doesn't seem to be impacted though so I would just ignore it. Any site using this Tweet button and also another iframe from a different server (eg Facebook/G+ button) will also have the same issue (for example try any page on mashable.com). If you do not want to just ignore it, you could remove the Twitter javascript reference and create a custom Tweet button as mentioned on their Tweet button page, by using javascript to popup this url format: http://twitter.com/share?url=http%3A%2F%2Fdev.twitter.com%2Fpages%2Ftweet-button, with the downside of this being that the tweet count won't show on your page.

4
votes

I know that question is damn old. But since that issue with Twitter is still valid, as a follow up on BK's answer, I created a custom tweet button that looks exactly like the one of Twitter's JS API but doesn't use it and still includes the share count! So, for those interested, I uploaded it to my GitHub.

Demo: http://fiddle.jshell.net/eyecatchup/Th6P2/2/show/
Code: https://github.com/eyecatchup/tweetbutton