Login/Register
SWFobject inside iFrame: Cross domain stuff?
Asked Answered
iframeflashembedswfobject
S

2

6

I have a simple html-site with an embedded Flash file and SWFobject is used on it.

This site is the src of an iframe. If I open the site with the iframe on it the console tells me … 

Unsafe JavaScript attempt to access frame with URL file:///experiment/iframe-
test/index.html from frame with URL http://localhost.lan/embed/GYZA. Domains,
protocols and ports must match. -> swfobject.js

I wonder what the parent window (with the iframe in it) has to do with the swfobjet inside the iframe? So as mentioned above the swfobject is used to embed the flash on the child-page that is loaded into the iframe. The iframe-test/index.html site has just …

<body>
    <iframe src="http://localhost.lan/embed/GYZA" width="100%" height="100%" frameborder="0" allowfullscreen></iframe>
</body>

… on it. Nothing more. Why do I have an unsafe javascript attempt here?

Any ideas on that? Thank you in advance.

update: Well, I just recognized that this happens to Youtube and Vimeo as well for their embedded players. I'm using the chrome console and the same error occurs for Youtube and Vimeo.

Satiny answered 21/5, 2012 at 6:2 Comment(0)
H
0

Don't know if this is of any use now but the error is thrown because file:///experiment/iframe-test/index.html and http://localhost.lan/embed/GYZA are seen by the browser as two different domains so the browser's cross domain policy deems this unsafe. Depending on the browser the user has, this might be unsafe - the remote page you are loading could have harmful scripts that might destabilize the current page you are viewing or try and steal various pieces of information. You can find more info here.

Holyhead answered 26/10, 2012 at 10:23 Comment(0)
T
0

I just validated Matt's updated question.

Whenever a flash object is embedded in a cross-domain iframe, it will throw a cross-domain exception. This is true for Youtube and Vimeo.

For example, check out this jsfiddle with an iFrame embedded: http://jsfiddle.net/bkCdB/

<object width="420" height="315"><param name="movie" value="http://www.youtube.com/v/6V_DsL1x1uY?version=3&amp;hl=en_US"></param><param name="allowFullScreen" value="true"></param><param name="allowscriptaccess" value="always"></param><embed src="http://www.youtube.com/v/6V_DsL1x1uY?version=3&amp;hl=en_US" type="application/x-shockwave-flash" width="420" height="315" allowscriptaccess="always" allowfullscreen="true"></embed></object>
Trenttrento answered 26/3, 2013 at 23:6 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.