Login/Register
"Unsafe JavaScript attempt to access frame with URL..." error being continuously generated in Chrome webkit inspector
Asked Answered
Solved javascriptfacebookgoogle-chromewebkitfacebook-opengraph
S

5

130

Chrome (or any other webkit browser) throws a ton of these "Unsafe JavaScript attempt to access frame with URL..." when working with the Facebook API for example.

It doesn't interfere with actual operation, but it does make the javascript console basically unusable.

I'd like to know if there is a way to suppress these errors specifically in the console? Or if there are other solutions you guys can think of, I would really appreciate it.

Thanks.

Sphygmograph answered 9/6, 2010 at 21:40 Comment(8)
Currently I'm using the workaround of just having the console tab set to show logs only. I'm looking for a solution that allows me to track errors (just not this one).Sphygmograph
it would be good to provide a sample of how you are using the API. there are lots of reasons why this could happen.Beauty
I know what you mean, but I'm pretty sure this happens with any facebook integration. For an example, open your webkit js console on this Domino's site (in production) pizzaholdouts.comSphygmograph
Aren't you simply trying cross-site scripting? Are you requesting facebook api addresses from your own server? Way is bit different.Splashdown
not requesting anything, I just put in the boilerplate stuff to get the js sdk working developers.facebook.com/docs/reference/javascriptSphygmograph
Have you tried to catch the exception by enclosing that part of your code on a try/catch statement?Inversion
@Sebastian I think the issue is that the call is made somewhere in the facebook hosted script, which I wouldn't be able to modify to do thatSphygmograph
Chrome thus informs you that some JavaScript code tries to access to restricted data on other domainsCasady
D
19

You could allow cross-domain requests during testing by running chrome with the --disable-web-security command line option. This should probably get rid of the error (and allow FB to spy on your testing ;)

Donia answered 25/7, 2010 at 2:33 Comment(3)
hmm that's intriguing...is there a way to set the option that way aside from the command line? I tried this from the command line: /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --disable-web-security and it seemed to work! but it said it wasn't able to load my profile...any idea how to set that flag from within the app, or set it to default to that?Sphygmograph
as an update, I'm now using chrome exclusively, and I still would love to know the answer to thisSphygmograph
open -a '/Applications/Google Chrome Canary.app' --args --disable-web-securityRichelieu
G
5

Whats the problem?

Tons of Unsafe JavaScript attempt to access frame with URL... error messages in the Chrome JS console.

As @thechrisproject points out, these errors are caused by many reputable 3rd party api's and widgets, including but not limited to:

  • The Facebook JS SDK
  • Vimeo Iframe Embed
  • Google Maps Iframe Embed

My understanding on the why: (please correct me if I'm wrong)

Chrome has stricter security settings and/or shows more such errors than competing browsers. API/widget/embed authors attempt to do things (cross-domain/frame) that will not work in all browsers (probably for their own reporting/analytics) but that don't actually effect the usuabilty of their widget if it doesn't work (just causes a lot of annoying errors)

Quick Answer

NO, you cannot (just) suppress these errors in the chrome console.

Solutions?

  • Deal with it. These errors do not actually break these 3rd party apis and widgets, they just make the console much more difficult to use
  • you can set the console to log only Warnings, Logs, or Debug messages. This will hide ALL errors.
  • you can use another browser
  • As @Dagg_Nabbit. pointed out, you can allow cross-domain requests by running chrome with the --disable-web-security command line option. More information here: Disable same origin policy in Chrome. Note that this setting will negatively effect the security of your browser. I have 2 chrome shortcuts so I can open it with or without this flag.
Gadfly answered 15/3, 2013 at 18:21 Comment(0)
U
4

This happens when a source from an different domain is loaded and tries to access the document.cookie. It happens with head sources (script tags) as well with iframe documents which try to access the document.cookie for some reason.

Utas answered 11/5, 2011 at 17:47 Comment(0)
A
3

Since we can't blame the people from Google for constructing such a safe browser, I think the best solution is to use Facebook's server-side solutions (e.g. PHP SDK), it'll save you a lot, lot, lot, lot, lot of headache. The only advantage I see in using the FB javascript SDK is the popup login which you can do yourself using javascript/jQuery.

Admirable answered 9/3, 2011 at 5:45 Comment(4)
Why will using the PHP SDK (or other server side SDK) save a lot of headache?Lasley
@steve: The mere fact that Chrome is blocking the unsafe request answers a lot regarding how insecure client-side processing is.Admirable
IMHO pollution of the JS console should not be a primary consideration in deciding whether to put logic server-side or client side.Gadfly
Performance, Security, Code Organization / Maintainability, portability - all things I'd consider first. #1517352Gadfly
S
2

These errors can be thrown if, when you register your app with Facebook, you don't have a trailing forward slash in the Site URL field. In other words, you need "http://domain.com/" not "http://domain.com"

You can check the Site URL setting from developers.facebook.com/apps Edit settings -> Basic -> Site URL.

Speos answered 19/4, 2012 at 5:49 Comment(1)
Could you please clarify your sentence to me?Neall

© 2022 - 2024 — McMap. All rights reserved.