Содержание
I am trying to list the names of all the iframe s in a page, so I can access them through Selenium.
The problem is that the name of the iframe changes each time, so I need to loop through all of them.
Uncaught DOMException: Blocked a frame with origin "http://localhost:8080" from accessing a cross-origin frame.
error when I try to loop over them using:
Is there a way to get the name of the iframe in a different way?
4 Answers 4
This error message.
. implies that the WebDriver instance blocked from accessing a cross-origin frame.
Same-origin policy
Same-origin policy : Same-origin policy restricts how a document or script loaded from one origin can interact with a resource from another origin. It is a critical security mechanism for isolating potentially malicious documents.
Cross-Origin Resource Sharing (CORS)
Cross-Origin Resource Sharing (CORS) : Cross-Origin Resource Sharing (CORS) is a mechanism that uses additional HTTP headers to tell a Browser Client to let the AUT (Application under Test) running at one origin (domain) have permission to access selected resources from a server at a different origin. A web application makes a cross-origin HTTP request when it requests a resource that has a different origin ( domain , protocol , and port ) than its own origin.
Example of an origin
Here is an example of origin comparisons to the URL http://store.company.com/dir/page.html
What went wrong
When you tried to loop through frames your script/program tried to access an with different origin using JavaScript which would been a huge security flaw if you would have achieved it. As mentioned above the same-origin policy browsers block scripts trying to access a with a different origin.
Two pages have the same origin if the protocol, port (if one is specified), and host are the same for both the webpages. You’ll see this referred to as the "scheme/host/port tuple" at times (where a "tuple" is a set of three components that together comprise a whole). Perhaps the protocol, domain, hostname and port must be the same of your same domain when you want to access the desired frame.
Solution
The AUT may contain numerous frames / iframes and some of them may be loaded only after certain JavaScript / Ajax have completed where as some of them may be having style attribute set as display:none; or visiblity as hidden. Of-course won’t require to interact with all of them. So it will be a better approach to identify the attributes of the and switch accordingly. You can switch to an through:
- Frame Name
- Frame ID
- Frame Index
- WebElement
As per best practices when you intent to switch to a frame induce WebDriverWait for frameToBeAvailableAndSwitchToIt as per the references below.
Here you can find a relevant discussion on Uncaught DOMException
References
In the A Better Approach to Switch Frames section of this discussion you will find the different approaches on How can I select a html element no matter what frame it is in in selenium?
Comments
Copy link Quote reply
analytics-bootcamp commented Oct 23, 2018
I encountered this with a newer version of Jupyter notebook. I think it has to do with a change of the Tornado version.
This is how to replicate:
(pull the most recent image from Docker, 3 days old at the time of writing)
docker run -p 8888:8888 jupyter/scipy-notebook:6c85e4b43a26
do a !pip install visJS2jupyter
Use f12 to look at the console error.
The line is crashes on is: function init()
I believe that using may solve it, but it may need to be called from the Jupyter notebook rather than the iframe itself. In any case, the current implementation looks broken. My way of solving it was to go back to an older version of the notebook stack (I still had an
4 months old image cached at my system, so I’m unable to give you the tag number that works).
This comment has been minimized.
Copy link Quote reply
analytics-bootcamp commented Oct 24, 2018 •
So, my dear friend and colleague Sudheer, who understands this stuff way deeper than I do dug into the matter and reported the following:
-the issue is caused by the (new) content security policy.
-iframe is not the way to go. The visJS2jupyter should employ posting a div element in the notebook and subsequently populate the div with the HTML. In this way it also prevents creating a local file (which is ugly).
On first sight, you may think you can get away with adding the sandbox attribute (https://www.w3schools.com/tags/att_iframe_sandbox.asp) however, this doesn’t work as can be demonstrated by:
(You do this after the regular graph call created this style_file0.html file.). The HTML inserts the iframe with the proper attributes. The reason it doesn’t work can be found here:
https://github.com/jupyter/notebook/blob/master/notebook/static/base/js/security.js
(Jupyter notebook employs a js scrubbing scripts to get rid of anything they don’t want).
If you run the notebook in a Docker, the way around this is to setup nginx with specifically the following lines:
for all locations, you give:
proxy_hide_header Content-Security-Policy;
proxy_hide_header X-Frame-Options;
and for the server you add:
add_header Content-Security-Policy "default-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’; connect-src http:
ws: https:; style-src http: https: ‘unsafe-inline’ ‘unsafe-eval’; script-src ‘unsafe-inline’ ‘unsafe-eval’
http: https:";
that is: for all the services, you remove the headers, and then nginx puts back the headers that you want.
Sudheer, you are awesome to have found all this out! Thank you! I bet other people running into the same will be helped by your deep understanding of the matter 🙂
Я пытаюсь получить доступ к html-документу из одного из моих фреймов с помощью javascript, но я получаю сообщение об Uncaught DOMException: Blocked a frame with origin "null" from accessing a cross-origin frame. ошибка.
Это главная страница:
Как вы можете видеть, я пытаюсь извлечь содержимое div которое: "abc".
Я думаю, что оба: iframe.contentDocument: iframe.contentWindow.document являются нулевыми, и я не знаю почему.
Похоже, если вы пытаетесь получить доступ к фреймам непосредственно из своего браузера, не имея веб-службы, вам не разрешено по соображениям безопасности (вы можете получить доступ к системным файлам).
Я исправил свою проблему, установив xampp и переместив все мои файлы в htdocs, и все сработало, как ожидалось.