问题
Thanks stackoverflow i solved a lot of my javascript problems, but now i stopped at the point without hope. It is hard to describe, there is clear video shows my problem with drag drop cross-domains iframe.
http://www.youtube.com/watch?v=v65mO27h75E
- First part in Iceweasel (and FF, Opera) = iframe d&d work OK.
- Second part in Chromium (and Chrome) = iframe d&d NOT work.
and there are links to example iframes set and iframes sources:
- parent page: http:// msdrop.com/msdrop-jquery-test-iframe-frameset.htm
- iframe A: http:// msdrop.com
- iframe B: http:// nextgd.com/msdrop-jquery-test-iframe.htm
Is it Chrome bug, or security that comes under "Same origin policy"? This is strange because d&d works excellent between two windows, and want not work at all from parent window to iframe.
Thanks for suggestions. Piotr
EDIT: It's possible Chrome/Chromium security mitigation is overly broad. Issue 251718: https://code.google.com/p/chromium/issues/detail?id=251718
回答1:
Now, at: http://msdrop.com/msdrop-jquery-test-iframe-frameset.htm there are 4 iframes
- IFRAME A: the same domain as parent
- IFRAME B: other domain
- IFRAME C: the same domain + sandbox="allow-scripts"
- IFRAME D: other domain + sandbox="allow-scripts"
In FF, all frames works that i expects.
In Chrome, and Chromium only on iframe A works all dragover, dragenter, dragleave, and drop events.
回答2:
i think i found answer, drag and drop events works on iframe when open Chromium or Chrome without restrictions.
chromium-browser --disable-web-security
google-chrome --disable-web-security
But if it is about Google Chrome "web security", why JavaScript Console do not show any info or warrning, and why drag and drop works excellent between two windows, drag and drop works even from firefox to chrome.
edit: Google Chrome: "You are using an unsupported command-line flag: --disable-web-security. Stability and security will suffer." so flag works but is unsupported?
I do not understand.
回答3:
Adding sandbox="allow-scripts" to the iframe element solves this issue for me.
eg:
<iframe sandbox="allow-scripts" src=".." />
来源:https://stackoverflow.com/questions/16968818/drag-and-drop-cross-domains-iframes-browsers-windows