javascript - postMessage to sandboxed iframe, why is recipient window origin null?

后端未结

关注

 1  379

攒了一身酷 2021-02-07 12:49

2 postMessage calls in the test: 1 using an asterisk for targetOrigin, one using the same https url of both the parent and child documents.

button 1:

$(\


      
      
        
          1条回答        

        
                    
            
            
                         
                
              
              
                
                   粉色の甜心
                                             
                
                
                (楼主)
            
              
              
                2021-02-07 13:24
              

            
            
                        
The problem is created by the </code> itself, with its <code>sandbox</code> attribute:</p>

<pre class="lang-html prettyprint-override"><code><iframe name="childFrame" class="iframed" src="child.html" sandbox="allow-scripts">


As per the Mozilla Developer Network documentation on this element, the following gives a problem about same-origin policy:


  allow-same-origin: If this token is not used, the resource is treated as being from a special origin that always fails the same-origin policy.


You didn't specified allow-same-origin, that means the frame is treated as being from a special origin, and postMessage calls to that frame will fail.

To solve the problem, just add allow-same-origin to the sandbox attribute, like this:














That's it!
    
             
                                                        
            
            
              
                
                0
              
                   
                
               讨论(0)
              
                                                  
              
              
                          
             
       
          
              
                                    
                         
                    


               
            
    发布评论:
    
         
                        
    
    提交评论 
  
  

                    
                    
                    
                        
                        
                         加载中...
                        
                    
                
          
                              			
        
        
        
          
            
            
              
              
            
    


                                 
              
            
                          
    

        
         
                验证码
                
                  
                
                
                   看不清?
                
              
                                  
                    
   
                 
             
              提交回复