hello.js:1404 Uncaught DOMException: Blocked a frame with origin = from accessing a cross-origin frame

[salimmejdoub]

Hello how can i fix this

hello.js:1404 Uncaught DOMException: Blocked a frame with origin = from accessing a cross-origin frame

[MrSwitch]

If the resource presents has defined a content security policy for the request being made then modern browsers will throw this exception.

Is this one of the existing services? What part of your code triggers this?

[mharrcgs]

Hello; We are implementing helloJS into our portal and are encountering the same error which occurs on callback from successful authentication. This is only occurring so far with users on Win 10 systems. Error message below with reference to hello JS code lines: Blocked a frame with origin "{site url ....}" from accessing a cross-origin frame. hello.all.js:1557 at authCallback (site url .....) hello.all.js:1557:27 at object.responseHandler (site url......) hello.all.js:1498:5 at {site url..............} hello.all.js:2804:13

We are also using the https://auth-server.herokuapp.com/ for the oauth proxy at this time. It is working fine for Win 8.1 Pro computers. The computers are the only common clear difference we can determine at this point between those that work and those that do not.

Can you provide any direction on this? Thanks very much in advance!!

[MrSwitch]

Hi @mharrcgs That seems to be a separate issue, and would occur if you've defined a redirect_uri to be on a different origin from your application

[mharrcgs]

Thanks for such a quick reply! Sorry if I am missing something but I do not believe the redirect_uri is on a different origin. example below: https://env.azurewebsites.net {origin} https://env.azurewebsites.net/callback/ {redirect_uri} The problem the Windows 10 users experience is that the popup login authenticates but does not return control to the calling browser page. Using Debug the code stops at the point indicated. The auth-server would be a cross orign call but is that handled in the hello JS logic?

Frustrating issue is that this is working on all but Windows 10 users at this point. I appreciate your time and if you can clarify if you still believe this is a redirect_uri issue. Thanks in advance!

[MrSwitch]

Your assumptions all seem spot on.

Can you determine the page from which the error is triggered? Also consider using display: "page" option.

[mharrcgs]

Thank you again for such a quick reply. I implemented the display "page" option and that causes issue with the users that were working. I will look into this further to try to provide some better detail along with what may be happening on the routing/redirect so that I can validate callback logic and let you know. Thanks!

[georg-schwarz]

Any new insights on this? Struggeling with the same problem when using Chrome (Firefox works fine).