GWT Blocked a frame with origin "http://localhost" from accessing a cross-origin frame

I want to let users enter their URL and browse it in an iframe. After they click the confirm button, I will get the URL they browsed to from the iframe.

IFrameElement frame = IFrameElement.as(DOM.createIFrame());
frame.setSrc("http://www.example.com"); // set the URL the user entered
VerticalPanel ver = new VerticalPanel();
ver.getElement().appendChild(frame);

// After they click the confirm button, get the url from iframe
Window.alert(frame.getContentDocument().getURL());

But I get an error after getting the URL from the iframe:

Exception: com.google.gwt.event.shared.UmbrellaException: Exception caught: (SecurityError) : Blocked a frame with origin "http://localhost" from accessing a cross-origin frame.

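In short: you shouldn't do this, and you can't do this.


First:

Some page authors simply don't want their pages displayed in a frame. Take Facebook for example; you will get: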

Refused to display 'https://www.facebook.com/' in a frame because it set 'X-Frame-Options' to 'deny'.

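It is also possible to check (using a script) whether the page is in a frame and 'break through' to the main window, http://www.interia.pl/ for example.

So, some pages cannot be displayed in a frame.


Second:

Read about the Same Origin Policy (SOP)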

Simply stated, the SOP states that JavaScript code running on a web page may not interact with any resource not originating from the same web site. The reason this security policy exists is to prevent malicious web coders from creating pages that steal web users’ information or compromise their privacy. While very necessary, this policy also has the side effect of making web developers’ lives difficult.
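
The two checks described in the answer (refusal to display in a frame, then the same-origin check when the parent reads the frame), modelled as an added JavaScript example that is not part of the original post. The function names and header maps are constructed for illustration, and it goes beyond the post by also covering X-Frame-Options SAMEORIGIN and CSP frame-ancestors.

```javascript
// Added example. Header maps passed in are constructed sample data.
// Simplifications (assumptions): one level of nesting, and frame-ancestors
// sources limited to '*', 'none', 'self' and exact origins.

// Two URLs share an origin when scheme, host and port all match.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Extract the source list of CSP frame-ancestors, or null if absent.
function frameAncestors(csp) {
  const d = (csp || '').split(';').map(s => s.trim().split(/\s+/))
    .find(parts => parts[0].toLowerCase() === 'frame-ancestors');
  return d ? d.slice(1) : null;
}

// Would the browser render frameUrl inside a page at parentUrl?
// `headers` are the framed response's headers, keys in lower case.
function canBeFramed(parentUrl, frameUrl, headers) {
  const sources = frameAncestors(headers['content-security-policy']);
  if (sources) {
    // When frame-ancestors is present it takes precedence over X-Frame-Options.
    return sources.some(src => {
      if (src === '*') return true;
      if (src === "'self'") return sameOrigin(parentUrl, frameUrl);
      // 'none' and unsupported source forms fail to parse and match nothing.
      try { return sameOrigin(src, parentUrl); } catch { return false; }
    });
  }
  const xfo = (headers['x-frame-options'] || '').trim().toLowerCase();
  if (xfo === 'deny') return false;
  if (xfo === 'sameorigin') return sameOrigin(parentUrl, frameUrl);
  return true;
}

// Outcome for a parent script that embeds frameUrl and then tries to read
// the frame's document (what frame.getContentDocument().getURL() does).
function embedOutcome(parentUrl, frameUrl, headers) {
  if (!canBeFramed(parentUrl, frameUrl, headers)) return 'refused-to-display';
  return sameOrigin(parentUrl, frameUrl) ? 'readable' : 'SecurityError';
}
```

Only the 'readable' outcome lets the parent page obtain the framed document's URL; a different port on the same host is already a different origin.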