SecurityError from Facebook and Cross Domain Messaging

Question

We have an application that utilizes the facebook javascript sdk and login capabilities.

We\'ve been noticing this error come up in our production logs. Specificall

Answer 1

I ran into this issue as well, and after digging around it seems to be a bug in the browser's autofill: the stacktrace that is send to our logging cluster looks as followed:

g@https://example.com:5:190, 
g@https://example.com:7:323, 
extractNewForms@https://example.com:13:37, 
extractForms@https://example.com:8:381, 
global code@https://example.com:1:98

As you can see, the error happens somewhere in an extractForms function, which (for us) doesn't exist anywhere in the code base. A Google search reveals that both extractForms and extractNewForms are part of the browser's autofill library, and the thread here suggests that there is a bug in there (comments 12 & 15 are most relevant to your issue).

As far as I can tell this is also not specifically related to Facebook: in our logs we see similar errors for more iframes, including iframes from (sub)domains we control ourselves.

Unfortunately I don't know about any fix or workaround, and I also highly doubt if a (user-land) fix/workaround is actually possible. I think the only thing you can do is to ignore these errors.