react-google-recaptcha icon indicating copy to clipboard operation
react-google-recaptcha copied to clipboard

Published 20 hours ago verified publisher icon dozoisch

Uncaught SecurityError in Google iframe when unmounting

Open laserpants opened this issue 8 years ago • 11 comments

When the component gets unmounted (e.g., when navigating to a different page using react-router), an exception occurs:

Uncaught SecurityError: Blocked a frame with origin "https://www.google.com" from 
accessing a frame with origin "localhost". The frame requesting access has a protocol 
of "https", the frame being accessed has a protocol of "http". Protocols must match.

Possible solution is to remove the iframe container inserted by the reCAPTCHA script in componentWillUnmount.

laserpants avatar Sep 02 '15 00:09 laserpants

I submitted a pull request with the proposed fix.

laserpants avatar Sep 02 '15 00:09 laserpants

Just curious, does that work when going back? Or when rerendering the component? Just want to make sure that it rerender the iframe correctly.

dozoisch avatar Sep 02 '15 00:09 dozoisch

It appears to work. I am not doing any server-side rendering or fancy stuff. With react-router the script is injected each time the page is visited (this is what your async loader script is doing, I believe). The problem with the exception only occurs if the user has completed the "challenge", and then leaves the page. Destroying the iframe solves this, and doesn't affect the performance of the component in subsequent page visits. I.e., I can run the captcha and then open another page, come back and start over again.

laserpants avatar Sep 02 '15 01:09 laserpants

The problem is mentioned here: https://developers.google.com/recaptcha/docs/faq

I'm getting an uncaught SecurityError: blocked a frame with origin "https://www.google.com" from accessing a frame with origin "". What should I do?

This typically occurs if the reCAPTCHA widget HTML element is programmatically removed sometime after the end user clicks on the checkbox. We recommend using the grecaptcha.reset() javascript function to reset the reCAPTCHA widget.

I tried this solution, but couldn't get it to work. Removing the iframe was the only solution that worked for me. Some threads on StackOverflow suggested this as well.

laserpants avatar Sep 02 '15 01:09 laserpants

http://stackoverflow.com/questions/27402217/googles-recaptcha-gives-uncaught-securityerror-after-successfull-validation-in

laserpants avatar Sep 02 '15 01:09 laserpants

Alright, I'll try to merge it as soon as I can

dozoisch avatar Sep 02 '15 14:09 dozoisch

Any update on this I have the same issue arising?

bobiblazeski avatar Oct 20 '15 18:10 bobiblazeski

Alas, no. Not from my side, at least. I think we got stuck trying to figure out a way to relate the html container injected by Google's code to the captcha for a specific component. As mentioned by @dozoisch in my pull request https://github.com/dozoisch/react-google-recaptcha/pull/8, it is possible to simply remove all the containers, but it doesn't really solve to the problem.

laserpants avatar Oct 20 '15 19:10 laserpants

@johanneshilden I have a single recaptcha will the patch work ?

@dozoisch Is there a plan to merge the patch, maybe add some parameter to not trigger for users who have more then one captcha?

bobiblazeski avatar Oct 21 '15 10:10 bobiblazeski

@bobiblazeski Assuming Google hasn't changed the widget in some way that would affect this, the second solution I suggested should still work as long as you only have one component:

componentWillUnmount() {
  Array.prototype.slice.call(document.getElementsByTagName('IFRAME')).forEach(element => {
    if (element.src.indexOf('www.google.com/recaptcha') > -1 && element.parentNode) {
      element.parentNode.removeChild(element);
    }
  });
}

laserpants avatar Oct 21 '15 12:10 laserpants

@johanneshilden Many thanks will use that as temporary solution.

bobiblazeski avatar Oct 21 '15 13:10 bobiblazeski